Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 23 Jul 2004 03:30 am, Dieter Maurer wrote: Moreover, I propose to change the local role management pages. When setting local roles, information about acquired local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I have implemented a security information page that details this and more info. I've always found the default security edit pages to be less than useful since they inherently use acquisition, but don't tell you what would be or is currently acquired. The code is attached. We mix it in with every object. A sample output is also attached. I have found it invaluable when debugging permissions problems. Would this be a useful thing to add to 2.8? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAKsMrGisBEHG6TARAiwuAJ9n7wLGWzhDa7kGyr/5q8zwi3SV0QCfXX1f JAcHE9s71y9N/4oyNgRiRg4= =ATJ2 -END PGP SIGNATURE- ManageViewAccess.py Description: application/python dtml-var manage_page_header dtml-var manage_tabs h2Access permissions dump/h2 dl dtstrongValid Roles:/strong dddtml-var ', '.join(valid_roles()) dtstrongUser Defined Roles:/strong dddtml-var ', '.join(userdefined_roles()) dtstrongLocal Roles:/strong dd table class=listing tbody trthAt Object/ththLocal Roles Defined/th/tr dtml-in list_local_roles trtd dtml-var sequence-key /tdtd dtml-var 'br'.join(['%s: %s'%(i[0], ', '.join(i[1])) for i in _['sequence-item']]) /td/tr /dtml-in /tbody /table dtstrongPermission Usage:/strong dd table class=listing tbody trthPermission/ththAssigned To/th/tr dtml-in list_permission_use mapping trtd dtml-sequence-key; /tdtd dtml-perm; from dtml-from; /td/tr /dtml-in /tbody /table dtstrongPermission Settings:/strong dd table class=listing tbody trthPermission/ththHas Roles Assigned/th/tr dtml-in list_permission_roles trtd dtml-var sequence-key /tdtd dtml-var 'br'.join([', '.join(d['roles']) + ' from %(from)s'%d for d in _['sequence-item']])br /td/tr /dtml-in /tbody /table /dl dtml-var manage_page_footer Title: CGPublisher ZopeCGPublisherpublishers1 (Jane's Books)products2 (Jane's test book 2)details Jane's Books Works About Security Messages People Products Orders Work Templates Web Space Product Information Availability Subject Book Information Cover Images Access permissions dump Valid Roles: Actioner, Anonymous, Authenticated, Contributor, Creator, Manager, Owner, Publisher, System RPC, Visitor User Defined Roles: Local Roles: At ObjectLocal Roles Defined details 2 products admin: Owner 1 2: Publisher publishers admin: Owner CGPublisher admin: Owner Permission Usage: PermissionAssigned To DELETE Delete objects from webdav.Resource.Resource HEAD View from webdav.Resource.Resource LOCK WebDAV Lock items from webdav.Resource.Resource PROPFIND WebDAV access from webdav.Resource.Resource PROPPATCH Manage properties from webdav.Resource.Resource UNLOCK WebDAV Unlock items from webdav.Resource.Resource ac_inherited_permissions Change permissions from AccessControl.Role.RoleManager acquiredRolesAreUsedBy Change permissions from AccessControl.Role.RoleManager addStorageData Manage properties from Products.CGPublisher.storage.Storage.Storage addStorageDataForm Manage properties from Products.CGPublisher.storage.Storage.Storage asCGXML View public storage metadata from Products.CGPublisher.storage.Storage.Storage countRepetitions Access contents information from Products.CGPublisher.storage.Storage.Storage dummy_public View public storage metadata from Products.CGPublisher.storage.Storage.Storage dummy_shared View shared storage metadata from Products.CGPublisher.storage.Storage.Storage dump View private storage metadata from Products.CGPublisher.storage.Storage.Storage editPane View from Products.CGPublisher.storage.Storage.Storage editPaneHelper View from Products.CGPublisher.storage.Storage.Storage genericSchemaForm View from Products.CGPublisher.storage.Storage.Storage getAttribute Access contents information from OFS.ZDOM.Element getAttributeNode Access contents information from OFS.ZDOM.Element getAttributes Access contents information from OFS.ZDOM.Node getChildNodes Access contents information from OFS.ZDOM.Node getElementsByTagName Access contents information from OFS.ZDOM.Element getFirstChild Access contents information from OFS.ZDOM.Node getLastChild Access contents information from OFS.ZDOM.Node getNextSibling Access contents information from OFS.ZDOM.Node
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
Dieter Maurer wrote: All DA's I saw up to now, do a reconnect. ZOracleDA didn't... But this is *WRONG -- as part of a transaction may have been lost. After reconnecting, they should raise an exception derived from ConflictError and let the complete request retry. ...but it now does this :-) Chris -- Simplistix - Content Management, Zope Python Consulting - http://www.simplistix.co.uk ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Reporting X-FORWARDED-FOR into the log ( REMOTE_ADDR )
Yes, X-FORWARDED-FOR, but this solution (enabling trusted-servers in zope.conf) do not work. Trusted-servers in my zope.conf are already enabled, but in the log file, the ip of the proxy appears when I want to log the ip of the client. I was searching the function that writes the REMOTE_ADDR variable into the log file in order to modify it. I want to modify the function that writes de REMOTE_ADDR variable to: if X-FORWARDED-FOR and REMOTE_ADDR in trusted-servers --- Toby Dickenson [EMAIL PROTECTED] escribió: On Thursday 22 July 2004 12:06, Egon wrote: I have a Zope server behind a proxy server, this proxy enables de X-FORWARDED-FROM that contains the real ip of the client that is connected. I want to log this variable but I cannot find the way to do it. Check out trusted-proxies in the zope configuation file. and you mean X-FORWARDED-FOR, not -FROM, right? -- Toby Dickenson __ Yahoo! lanza su nueva tecnología de búsquedas ¿te atreves a comparar? http://busquedas.yahoo.es ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Reporting X-FORWARDED-FOR into the log ( REMOTE_ADDR )
Yes, X-FORWARDED-FOR, but this solution (enabling trusted-servers in zope.conf) do not work. Trusted-servers in my zope.conf are already enabled, but in the log file, the ip of the proxy appears when I want to log the ip of the client. I was searching the function that writes the REMOTE_ADDR variable into the log file in order to modify it. I was searching this function across the source code of Zope 2.7.1 in /opt/zope/lib/python. I want to modify the function that writes de REMOTE_ADDR variable to: if X-FORWARDED-FOR and REMOTE_ADDR in trusted-servers: REMOTE_ADDR = X-FORWARDED-FOR log ( REMOTE_ADDR) Anyone can help me ? Thanks --- Toby Dickenson [EMAIL PROTECTED] escribió: On Thursday 22 July 2004 12:06, Egon wrote: I have a Zope server behind a proxy server, this proxy enables de X-FORWARDED-FROM that contains the real ip of the client that is connected. I want to log this variable but I cannot find the way to do it. Check out trusted-proxies in the zope configuation file. and you mean X-FORWARDED-FOR, not -FROM, right? -- Toby Dickenson __ Yahoo! lanza su nueva tecnología de búsquedas ¿te atreves a comparar? http://busquedas.yahoo.es ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
On 23 Jul 2004 at 10:58, Chris Withers wrote: Dieter Maurer wrote: All DA's I saw up to now, do a reconnect. ZOracleDA didn't... But this is *WRONG -- as part of a transaction may have been lost. After reconnecting, they should raise an exception derived from ConflictError and let the complete request retry. Perhaps I don't understand, but how could their be a missing transaction? Zope starts, connects to database Zero or more transactions occur Zope is idle for some period of time Z new transaction arrives, some transactions occur in ZODB. A transaction is attempted on a database connection. The DA gets a 'your connection has timed out' error from the db connection. It reconnects, it retries the transaction, no error occurs, so DA returns success. This is the way gvibDA works. It reconnects and retries. Where are transactions lost in this scenario? Remember, I'm talking about the DA catching connectioned timed out due to idle activity, and no other DB exceptions. -- Brad Clements,[EMAIL PROTECTED] (315)268-1000 http://www.murkworks.com (315)268-9812 Fax http://www.wecanstopspam.org/ AOL-IM: BKClements ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Thanks Tim and Chris! - You were both dead on in so many respects. Chris, There was a correlation with flip in the logs Tim: looks like once a None occurs it sticks. Source of the problem was an old cache file (1-None-1) that could not be overwritten by the current uid running Zope. (That's the second stupid permissions problem in as many days. My advice - if you have any kind of cache problems occurring after an initial period, look hard at permissions. Secondly - don't be sloppy and run zope first as one user then as another. Thirdly grep the event logs for IOError first. That's the easiest thing to fix.) more comments below... On 23 Jul 2004, at 02:14, Tim Peters wrote: [Chris McDonough] ... I think the problem is related to ZEO client storage cache flips. .. anyway, pointing to None. But this code gives me a headache, and I'm not sure that can actually happen (despite that I hear you guys saying it is wink>). I was slow interpreting all of this due to separate event files. This piece of bash script was helpful to get a grip of time order between Clients: grep ZEC ev*.log | sed 's/:/ /' | sort -k 2 > interleaved.ZEC.events.log a multi-line merge script would be helpful. I'll bet someone's created one. But then I turned off persistent ZEO client cachefile storage (but omitting the zeo-client-name parameter from zope.conf), believing this would be a workaround, but it hasn't been. I gave up at that point and that's where I am now. Did you continue to get errors in the log near cache-flip times? I don't see a way for checkSize() to screw up unless an unexpected exception is raised. Bingo! 2004-07-21T11:35:07 INFO(0) ZEC:1-None-1 flipping cache files. new current = 1 -- 2004-07-21T11:35:07 ERROR(200) ZODB Couldn't load state for 00012323 Traceback (most recent call last): File /usr/local/zope/zope271/lib/python/ZODB/Connection.py, line 559, in setstate p, serial = self._storage.load(oid, self._version) File /usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py, line 754, in load self._cache.checkSize(0) File /usr/local/zope/zope271/lib/python/ZEO/ClientCache.py, line 581, in checkSize self._f[current] = open(self._p[current],'w+b') IOError: [Errno 13] Permission denied: '1-None-1' ... My theory is that it will happen as often as a Zope client's ZEO client storage needs to flip its cache file. The cache file is only flipped when it exceeds a certain size and it only exceeds a certain size after a certain pattern of usage causes it to do so (lots of loads from the database of new items, typically). Yup! It appears that once self._f[self._current] is None, all future attempts by ZEO to store into its client cache will fail the same way. So I'd be even more surprised if you saw just one of these occur. Yup! It would be nice if you could confirm this. Reading the Zope event log file of the client that generated the error would be a good start. The log is everything here. The ZEO client cache logs most relevant messages at info level, producing msgs starting with ZEC. Thanks again for the insights. --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Thanks a lot for the confirmation! I haven't seen this problem crop up in several days myself, but that may just be due to the fact that the ZEO cache hasn't flipped. (Tim, yes, when it does happen, it only happens once; then the server is restarted by my customer to get the site going again, so it's a bit difficult to tell what's happening, although I am trying to catch it in real time). I'd like to chalk this up to improper permission settings; I just need to figure out how to do that in my case because I start Zope from an rc script as the zope user and my customer and myself only log in and manage Zope-related processes as the zope user. In fact, to avoid this sort of problem, I actually have a Zope startup regiment that prevents it from possibly even beginning to start as the root user or another user via a wrapper script. Unless someone is doing something behind my back, which is of course possible. Here's a demonstrative traceback: 2004-07-13T12:01:29 INFO(0) ZEC:1-None-1 flipping cache files. new current = 1 -- 2004-07-13T12:01:29 PANIC(300) ZODB A storage error occurred in the last phase of a two-phase commit. This shouldn't happen. The application will not be allowed to commit until the site/storage is reset by a restart. Traceback (most recent call last): File /home/zope/dhportal/opt/Zope-2.7.1/lib/python/ZODB/Transaction.py, line 372, in _finish_many jar.tpc_finish(self) File /home/zope/dhportal/opt/Zope-2.7.1/lib/python/ZODB/Connection.py, line 763, in tpc_finish self._storage.tpc_finish(transaction, callback) File /home/zope/dhportal/opt/Zope-2.7.1/lib/python/ZEO/ClientStorage.py, line 927, in tpc_finish self._update_cache() File /home/zope/dhportal/opt/Zope-2.7.1/lib/python/ZEO/ClientStorage.py, line 953, in _update_cache self._cache.checkSize(self._tbuf.get_size()) File /home/zope/dhportal/opt/Zope-2.7.1/lib/python/ZEO/ClientCache.py, line 581, in checkSize self._f[current] = open(self._p[current],'w+b') IOError: [Errno 13] Permission denied: '1-None-1' One minor thing I noticed: even when a ZEO client is started with settings that should prevent it from using persistent cache files (namely, failing to set a 'zeo-client-name' in zope.conf), the logfile still reports: 2004-07-23T04:02:18 INFO(0) ZEC:1-None-0 ClientCache: storage='1', size=1; file[0]='1-None-0' This message is a bit puzzling when you're running without persistent cache files; it makes you think that a file named 1-None-0 is literally trying to be written. This is not the case (it actually goes into a tempfile somewhere). I can imagine a case where some code... Aha. Wait, I think I see what the problem is. It's related to this. The ZEO ClientCache.checkSize code assumes that if there is a non-None value in self._f[current] that you're running with persistent cache files. However, this can also be the case if you're running without persistent cache files; the __init__ method of ClientCache does this in that circumstance: self._f = f = [tempfile.TemporaryFile(suffix='.zec'), None] # If they are temp files just use illustrative names so # that the log messages describe the cache. self._p = p = [%s-%s-0 % (storage, client), %s-%s-1 % (storage, client)] f[0].write(magic + '\0' * (headersize - len(magic))) current = 0 (and self._current is set to local current later) So the code in checkSize that tries this when a cache flip is necessary: current = not self._current ... if self._p[current] is not None: # Persistent cache file: remove the old file # before opening the new one, because the old file # may be owned by root (created before setuid()). self._f[current].close() try: os.remove(self._p[current]) except: pass self._f[current] = open(self._p[current],'w+b') ... will be likely to fail at the last line if you're using nonpersistent cache files, because self._p[current] is (bogus) '1-None-0' (relative bogus filename). There should probably be a _using_persistent_cache flag attr rather than trying to inspect self._p to find out if we're using persistent caches. I may try to work up a patch + test for this later. On Fri, 2004-07-23 at 10:44, Russ Ferriday wrote: Thanks Tim and Chris! - You were both dead on in so many respects. Chris, There was a correlation with flip in the logs Tim: looks like once a None occurs it sticks. Source of the problem was an old cache file (1-None-1) that could notbe overwritten by the current uid running Zope. (That's the secondstupid permissions problem in as many days. My advice - if you haveany kind of cache problems occurring after an initial period, lookhard at permissions. Secondly - don't be sloppy and run zope first asone user then as another. Thirdly grep the event logs for IOErrorfirst. That's the easiest thing to fix.) more
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On 23 Jul 2004, at 17:00, Chris McDonough wrote: Thanks a lot for the confirmation! A pint from me the next time I see you. And Tim! The next item is this message - I see many - and need to restart the instance that's spewing them: 2004-07-23T08:21:07 INFO(0) ZEC:1-None-1 load: bad record for oid 1c8c at position 2082264 in cac he file 1 This problem also occurs after a few hours. Is this caused because I'm on a MP box, with two clients, sharing the same directory for cache files?? if so, I can't see immediately how to put the files elsewhere, per Client. --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On Fri, Jul 23, 2004 at 06:18:08PM +0100, Russ Ferriday wrote: On 23 Jul 2004, at 17:00, Chris McDonough wrote: Thanks a lot for the confirmation! A pint from me the next time I see you. And Tim! The next item is this message - I see many - and need to restart the instance that's spewing them: 2004-07-23T08:21:07 INFO(0) ZEC:1-None-1 load: bad record for oid 1c8c at position 2082264 in cac he file 1 This problem also occurs after a few hours. Is this caused because I'm on a MP box, with two clients, sharing the same directory for cache files?? it shouldn't matter what directory as long as the filenames are unique... if so, I can't see immediately how to put the files elsewhere, per Client. You mean this, from zope.conf.in? # Directive: zeo-client-name # # Description: # If you want a persistent ZEO client cache which retains cache # contents across ClientStorage restarts, you need to define a # zeo-client-name. If you use ZEO and you don't set a # zeo-client-name, the client cache is stored in temporary files # which are removed when the ClientStorage shuts down. The value # of zeo-client-name is used to uniquely identify the local cache # files created if this Zope is a ZEO client. # # Default: unset # # Example: # #zeo-client-name zeo1 -- Paul Winkler http://www.slinkp.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Re: ERROR(200) ZODB Couldn't load state for... Memory problem?
Thanks Tres, That looks to be about it. We'll limp through today, and try this on the weekend. This will cause a couple of other changes and I don't have the nerve for it at 7PM on a Friday night. I'll let you know, and write up these last few lessons on Zope.org. --r. On 23 Jul 2004, at 18:35, Tres Seaver wrote: Russ Ferriday wrote: On 23 Jul 2004, at 17:00, Chris McDonough wrote: Thanks a lot for the confirmation! A pint from me the next time I see you. And Tim! The next item is this message - I see many - and need to restart the instance that's spewing them: 2004-07-23T08:21:07 INFO(0) ZEC:1-None-1 load: bad record for oid 1c8c at position 2082264 in cac he file 1 This problem also occurs after a few hours. Is this caused because I'm on a MP box, with two clients, sharing the same directory for cache files?? if so, I can't see immediately how to put the files elsewhere, per Client. (Untested): # zope.conf.appserver1 %include zope.conf.common clienthome /path/to/zope/var/appserver1 # zope.conf.appserver2 %include zope.conf.common clienthome /path/to/zope/var/appserver2 Tres. -- === Tres Seaver[EMAIL PROTECTED] Zope Corporation Zope Dealers http://www.zope.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
No, I think Tres nailed it, in his reply. I'll confirm when I know more. Thanks anyway. --r. On 23 Jul 2004, at 18:38, Paul Winkler wrote: it shouldn't matter what directory as long as the filenames are unique... if so, I can't see immediately how to put the files elsewhere, per Client. You mean this, from zope.conf.in? # Directive: zeo-client-name Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On Fri, 2004-07-23 at 13:18, Russ Ferriday wrote: On 23 Jul 2004, at 17:00, Chris McDonough wrote: Thanks a lot for the confirmation! A pint from me the next time I see you. And Tim! The next item is this message - I see many - and need to restart theinstance that's spewing them: 2004-07-23T08:21:07 INFO(0) ZEC:1-None-1 load: bad record for oid1c8c at position 2082264 in cac he file 1 This problem also occurs after a few hours. Is this caused because I'm on a MP box, with two clients, sharing thesame directory for cache files?? No, I think it's a real bug in ZEO, introduced by this checkin: http://cvs.zope.org/Zope/lib/python/ZEO/Attic/ClientCache.py.diff?r1=1.47.4.1r2=1.47.4.2only_with_tag=Zope-2_7-branch ... but to my surprise, it's also fixed by the next checkin! which appears to have been included in Zope 2.7.2: http://cvs.zope.org/Zope/lib/python/ZEO/Attic/ClientCache.py.diff?r1=1.47.4.2r2=1.47.4.3only_with_tag=Zope-2_7-branch So the easiest fix is probably to upgrade to Zope 2.7.2. There really wouldn't have been any way to know this unless you had your eyes peeled on the checkins list because the CHANGES.txt just says: - ZEO/ClientStorage: fixed check for temporary cache files (patch by Dieter Maurer) ... which is uselessly vague. HTH, - C if so, I can't see immediately how to put the files elsewhere, perClient. --r. Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
robert rottermann wrote at 2004-7-22 21:35 +0200: I would very much apreciate such an enhancment. so ++1 I would like to see where a role was assigned. To keep the management page simple, my proposal only would tell you somewhere above. This is enough information to decide what to do locally. When you really would need to find the precise place you would need to go up until you see the definition. It would not be difficult to provide links for easy up movement. And If I can express yet an other wish: I would very much like to have a way to see what the settings for a particular User is. And where the settings for a given permissions have come from. You might be interested in GRUFs Audit. When I tried it in my installation, it entered an infinite loop -- apparently some bug. But conceptually, it may come near to what you want. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
Brad Clements wrote at 2004-7-23 09:53 -0400: On 23 Jul 2004 at 10:58, Chris Withers wrote: Dieter Maurer wrote: All DA's I saw up to now, do a reconnect. ZOracleDA didn't... But this is *WRONG -- as part of a transaction may have been lost. After reconnecting, they should raise an exception derived from ConflictError and let the complete request retry. Perhaps I don't understand, but how could their be a missing transaction? Zope starts, connects to database Zero or more transactions occur Zope is idle for some period of time The bad sequence can look as follows: * Zope starts a request (and thereby a transaction) * The request sends a modifying request to a relational database * The connection is lost; the former modification is discarded as the database performs an automatic abort on connection close * The request sends another modifying requst to the database The DA detects the lost connection, reconnects and sends the SQL * The request ends and commits the transaction In this case, you get only one of two changes in the database while you should have got either none or both -- an inconsistency. Raising an exception derived from ConflictError will let ZPublisher abort the transaction and then restart the complete request. You have a chance to get both changes... -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
Chris Withers wrote at 2004-7-23 10:58 +0100: Dieter Maurer wrote: All DA's I saw up to now, do a reconnect. ZOracleDA didn't... Really? I saw it reconnecting... But this is *WRONG -- as part of a transaction may have been lost. After reconnecting, they should raise an exception derived from ConflictError and let the complete request retry. ...but it now does this :-) Raising an exception derived from ConflictError -- that's fine! -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
On 23 Jul 2004 at 20:08, Dieter Maurer wrote: The bad sequence can look as follows: * Zope starts a request (and thereby a transaction) * The request sends a modifying request to a relational database * The connection is lost; the former modification is discarded as the database performs an automatic abort on connection close The former modification cannot be lost because it was commited by the DA as part of the previous transaction. At least, gvibDA performs a database commit as part of the overall transaction machinery. So again, I don't see the loss.. -- Brad Clements,[EMAIL PROTECTED] (315)268-1000 http://www.murkworks.com (315)268-9812 Fax http://www.wecanstopspam.org/ AOL-IM: BKClements ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On Fri, 2004-07-23 at 16:21, Tim Peters wrote: [Chris McDonough] ... self._f[current] = open(self._p[current],'w+b') will be likely to fail at the last line if you're using nonpersistent cache files, because self._p[current] is (bogus) '1-None-0' (relative bogus filename). Is it really *likely* to fail? I suppose it depends on the working directory of the shell/process used to start Zope. Zope doesn't mess with the working directory on its own, AFAIK. If you follow Richard Stevens' (UNIX Network Programming guy, apparently now dead) advice, he says that well-behaved daemon processes should change their working directory to /. So I suspect there are daemonizers that do this. Guido's zdrun daemon (which zopectl uses) gives you an option to set the working directory of the daemonized process, but I don't use it (neither zdrun nor the option, that is). It does nothing to the working directory by default. But I think the common case is that the program is run out of an /etc/init.d rc script, and I suspect the working directory is / when Zope gets started in that circumstance. Which I guess makes the error understandable. It's just a name, and it's opened in 'w' ('+b') mode, not 'r' mode. That is, it creates the file -- no file of that name need already exist (and if one does, it tries to overrwrite it). Running on Windows most days, I'm not usually aware of all the permission bugs Linuxheads delight in torturing themselves with wink. Yes. Gotta agree with you there. I don't think a day passes where I don't want to rip the face off the guy who proclaimed that TCP ports below 1024 couldn't be bound to by a user other than root. What a disaster. There should probably be a _using_persistent_cache flag attr rather than trying to inspect self._p to find out if we're using persistent caches. +1. As you later discovered, this hmm, let's try to guess what we're doing based on obscure droppings business is a continuing bug factory. Thankfully, Dieter fixed it so it doesn't (at least in this one case). I may try to work up a patch + test for this later. I'm neutral on whether you try, but +1 on you actually doing it wink. Too late! It's already fixed. I didn't know either. ;-) This thread was full of sound and fury - C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
I dont see a data loss problem either (unless there are hardware failures) If a connection is dropped due to inactivity it should not affect any transactions going to occur in the future as a reconnect is issued before submitted new transactions. However connections getting dropped due to transport layer problems is a different matter. if a connection gets dropped by either side after making the request then it should be detected at either end and the transaction aborted (assuming a well behaved transport layer). There cannot be any loss in data in this scenario. This is expected behaviour with any RDBMS connection infrastructure, i.e If the transport layer guarantees delivery and employs the customary process of error detection and informs the application there should not be a data inconsistency problem ( unless there is a hardware failure ) I beleive Whether or NOT the transaction is resubmitted should be a decision on part of the application and not the DA or Zpublisher. The application can make a decision based on the circumstance and then if it chooses to do so issue the conflict error to invoke the Zpublisher machinery. Brad Clements wrote: On 23 Jul 2004 at 20:08, Dieter Maurer wrote: The bad sequence can look as follows: * Zope starts a request (and thereby a transaction) * The request sends a modifying request to a relational database * The connection is lost; the former modification is discarded as the database performs an automatic abort on connection close The former modification cannot be lost because it was commited by the DA as part of the previous transaction. At least, gvibDA performs a database commit as part of the overall transaction machinery. So again, I don't see the loss.. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )