[Zope-dev] Security validation issue
I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". This menuItem has an attribute called "def getVersion(self):" which returns an int. This is the Code that prevents me from accessing the method in python, via my protocol: if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]): raise UnauthorisedAccessException('Unauthorised: ' + originalAddress) object = > This is the method getVersion attributes[-1] = "getVersion" (string) UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something? I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me. Can somebody help? Thanks H ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: Call for testing (2.6.4 / 2.7.0)
On Wed, 28 Jan 2004 13:36:31 +0100 yuppie <[EMAIL PROTECTED]> wrote: > Hi! > > > Brian Lloyd wrote: > > In the meantime, it would be helpful for anyone who runs from > > the 2.6 or 2.7 branches in CVS to update and let us know if you > > have any unresolved problems. > > Right now I have no time to track this down myself, but the attached > CMF test failures seem to be related to the last Zope changes. Don't > know if these tests need to be updated or if they reveal a bug in > Zope. These tests seem pretty naive. I don't thing user objects promise to compare to one another in any way. Looks to me like the tests should be changed to something like: self.failUnless(f.getOwner() is ownership) -Casey ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Call for testing (2.6.4 / 2.7.0)
Hi! Brian Lloyd wrote: In the meantime, it would be helpful for anyone who runs from the 2.6 or 2.7 branches in CVS to update and let us know if you have any unresolved problems. Right now I have no time to track this down myself, but the attached CMF test failures seem to be related to the last Zope changes. Don't know if these tests need to be updated or if they reveal a bug in Zope. Cheers, Yuppie == FAIL: test_createMemberArea (Products.CMFCore.tests.test_MembershipTool.MembershipToolSecurityTests) -- Traceback (most recent call last): File "/usr/local/lib/Zope-2.7/Products/CMFCore/tests/test_MembershipTool.py", line 82, in test_createMemberArea self.assertEqual( f.getOwner(), ownership ) File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual raise self.failureException, \ AssertionError: != == FAIL: test_constructContent (Products.CMFCore.tests.test_TypesTool.TypesToolTests) -- Traceback (most recent call last): File "/usr/local/lib/Zope-2.7/Products/CMFCore/tests/test_TypesTool.py", line 125, in test_constructContent self.assertEqual( f.getOwner(), acl_users.user_foo ) File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual raise self.failureException, \ AssertionError: != == FAIL: test_createMemberArea (Products.CMFDefault.tests.test_MembershipTool.MembershipToolSecurityTests) -- Traceback (most recent call last): File "/usr/local/lib/Zope-2.7/Products/CMFDefault/tests/test_MembershipTool.py", line 88, in test_createMemberArea self.assertEqual( f.getOwner(), ownership ) File "/usr/lib/python2.3/unittest.py", line 302, in failUnlessEqual raise self.failureException, \ AssertionError: != -- Ran 366 tests in 8.800s FAILED (failures=3) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Call for testing (2.6.4 / 2.7.0)
Bingo, I tested with 2.7 and things work again. thanks for your efforts. Robert On Tuesday 27 January 2004 22:08, Brian Lloyd wrote: > Hi all - > > Tres and I have been working to merge some final fixes, and > I'd like to be able to make rc2 releases for 2.6.4 and 2.7.0 > tomorrow. > > In the meantime, it would be helpful for anyone who runs from > the 2.6 or 2.7 branches in CVS to update and let us know if you > have any unresolved problems. > > It would be especially helpful for those who were having > trouble with things like workflow scripts under the rc1 > releases to give this a shot and let us know if the trouble > is resolved. > > **Note that you need to rebuild the C extensions, due to a > fix to cAccessControl. Be sure to do this before reporting > any lingering issues!** > > Thanks, > > > Brian Lloyd[EMAIL PROTECTED] > V.P. Engineering 540.361.1716 > Zope Corporation http://www.zope.com > > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )