[Zope-dev] Re: Improvements for Zope2's security
Lennart Regebro schrieb: > You have many good points in your list of troubles. Many of them are > resolved by using security declarations through ZCML instead. It would > be interesting to here your views on this. In general I preferre old and well tested security code over new security related code. Martjin, Phillip and all the other people are doing a great job with Five but well ... it's new code. New code tends to break because it is not as well tested as old code. Here is a list of my views and concerns about ZCML and Five security. Some or all of my points might be wrong. I had only one hour time to read code and I did no debugging or unit testing of my concerns. (NYV = not yet verified) * ZCML security declarations are great for Zope3 and Five classes because their default security policy is DENY unless explictly allowed. [NYV] The default object security of ClassSecurityInfo is declareObjectPrivate. [NYV] * But if you mix in subclasses of SimpleItem and others (Image, File and many more) you ar gaining their default security setting declareObjectPublic or declareObjectProtected(View)! It means that every method is availableunless explictly restricted. This could lead to security breaches. IMO it is easier to find an unprotected method by reading code when the security declaration sits next to the method. A checker method for unit tests could be useful. * Comments like are adding a bad gut feeling ... * As far as I understand the security system Zope2's can't protect attributes and descriptors (properties) with security.declarePrivate('attributename'). The default object permission always wins. A ZCML directive that protects an attribute or descriptor can lead to false security assumptions. [NYV] It is possible to protect attributes with different permissons by hooking into __allow_access_to_unprotected_subobjects__. The class var can be set to a bool (1 = public, 0 = private), a string (permission name), a dict (attribute name -> 0/1) or a callable. I have an idea how to protect descriptors and attributes based on some work from Sidney for Archetypes. * A long time ago somebody has told me that Zope2's security works only for objects that subclass from ExtensionClass.Base or an Acquisition class. Is this still true or is it a false information? Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Improvements for Zope2's security
Hey guys! In the past few months I fiddled around with Zope2's security and access control code. I analysied my own code and code from other developers to search for common errors. Also I tried to think of ways to make the security system easier and more verbose on coding errors I have not yet implemented all my ideas but Zope 2.10 is on the door steps. Here is my first set of improvements. Issue 1 === Zope's security declarations have to be called with a method *name* AS STRING. Developers are human beeings and human beeings tend to make small errors like typos. Or they forget to change the security declaration when they rename a method. Zope doesn't raise an error when a developer adds a security declaration for a non existing method. Have a look at the following example. It contains a tiny but devastating typo:: security.declarePrivate('chooseProtocol') def chooseProtocols(self, request): ... These kinds or errors are extremly hard to find and may lead to big security holes. By the way this example was taken from a well known and well tested Zope addon! Solution The solution was very easy to implement. I created a small helper function checkClassHasMethod() and called it in the apply() method of AccessControl.SecurityInfo.ClassSecurityInfo. The apply() method is called at startup. The code doesn't slow down requests. Issue 2 === Another way to introduce security breaches is to forget the InitializeClass() call. The call is responsable for applying the informations from a ClassSecurityInfo. Without the call all security settings made through security.declare* are useless. The good news is: Even if a developer forgets to call the method explictly in his code the function is called implictly. The implicit call was hard to find for me at first. I struggled with the code in OFS.Image because there is an import of InitializeClass but it is never called. Never the less the security informations are somehow merged automagically. After some digging I found the code that is responsible for the magic. It's ExtensionClass' __class_init__ magic and OFS.ObjectManager.ObjectManager.__class_init__ Now the bad news: The magic doesn't work under some conditions. For example if you class doesn't subclass ObjectManager or if you monkey patch a class with security info object you have to call InitializeClass explictly. Solution Not yet finished. I've created a function checkObjectHasSecurityInfo() and added a call to ZPublisher.BaseRequest.DefaultPublishTraverse but it is untested. Issue 3 === Developers are lazy and they like to make typos. No one likes to type security.declarePrivate('chooseProtocol') so we are using copy & paste which may cause even more typos. Wouldn't it be cool to get rid of security. and typing the name of the method twice? Let's use decorators! Here is the doc test example from my patch: Solution Security decorators are an alternative syntax to define security declarations on classes. >>> from ExtensionClass import Base >>> from AccessControl import ClassSecurityInfo >>> from AccessControl.decorator import declarePublic >>> from AccessControl.decorator import declarePrivate >>> from AccessControl.decorator import declareProtected >>> from AccessControl.Permissions import view as View >>> from Globals import InitializeClass >>> class DecoratorExample(Base): ... '''decorator example''' ... ... security = ClassSecurityInfo() ... ... @declarePublic ... def publicMethod(self): ... "public method" ... ... @declarePrivate ... def privateMethod(self): ... "private method" ... ... @declareProtected(View) ... def protectedByView(self): ... "method protected by View" ... >>> InitializeClass(DecoratorExample) With the new syntax you have to type only 15 letters instead of 41! Issue 4 === Some methods shouldn't be callable from certain types of request methods. For example there is no need that the webdav DELETE and PROP* methods should be callable from an ordinary HTTP GET request. I don't want to go into details. Some people know why :) Solution Only a small subset is implemented. There are two methods in my patch to either whitelist or blacklist a request method. An older version of my patch contained even code to distinguish between request types (ftp, http, ftp, xml-rpc) but Jim told me in a private mail it's kind of YAGNI. At the moment blacklistRequestMethod() and whitelistRequestMethod() have to be called explictly inside a method. There is no way to protect methods via security.blacklistRequestMethod() or @blacklistRequestMethod. I have two ideas to implement such security declarations but both ways are complicated and hard to implement. An ordinary decorator doesn't work because it messes up with ZPublisher.mapply. The following code does NOT work with POST requests because mapply is using introspection to get the names and default values of a method
[Zope-dev] Re: 2.8.0b1 issues with plone 2.0.5
Tim Hicks wrote: Apologies if this is already known about... I just installed 2.8.0b1 (using python 2.3.5), fired it up, then tried to add a 'plone site' (2.0.5). The plone site actually did get added, but here's what I got as well: For the notes: Latest versions of Plone 2.1 and CMF 1.4 are mostly working with Zope 2.8. There are some issues due some changes in the ZCatalog api. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: BTreeFolder2 for Zope 2.8?
Andreas Jung wrote: Any objections to move BTreeFolder2 into the Zope core for Zope 2.8? BTF is widely used in the Zope, CMF & Plone world and it would not hurt to ship it with Zope. +1 Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Tres Seaver wrote: I'd be glad to help with that, Christian. I've added a doc string to the DeferExpr module. Do you want me to write more docs is it enough to be added to the ZPT guide? Also I need a little help for the unit tests. How can I emulate tal:content or similar inside an expression test? Except of some missing unit tests the branch is ready to merge. I would like to get the changes into Zope 2.7.6 so we could use them for Plone 2.1.0. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Evan Simpson wrote: Christian Heimes wrote: That's an interessting use case. Do you want me to keep the code and make up a new expression? I'm thinking about "lazy:". If you have a particular use for "defer:" that would justify the split, please go ahead. I have no particular interest in keeping it. I left defer: like it was coded by you and added a new expression lazy: that is working like a lazy initialization variable. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Evan Simpson wrote: Christian Heimes wrote: * DeferWrapper didn't cache the result of the expression like ordinary vars do. This was intended, though you couldn't know that since I never documented this. Consider the following terrible example: This should evaluate to: x is 0 x is 1 x is 2 Why?? I don't remember why I wanted this behavior; it was an experiment, and I can't find any code of mine that uses it. That's an interessting use case. Do you want me to keep the code and make up a new expression? I'm thinking about "lazy:". Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Dieter Maurer wrote: Maybe, the feature could get documented as well... An undocumented feature is only half valuable... +1 Is there anybody out there who can help me with the docs? I need someone to translate my english into real and nice english and someone with the permissions to update the ZPT docs at zope.org. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: post publishing hook
Florent Guillaume wrote: I really could use a post publishing hook. Standard use case: delay indexing at the end of the request to only do it once per object even if the object has been modified 4 times. Using a post publishing hook for this use case isn't a good idea - IMO. The Publisher has nothing to with indexing. It's a completly different part of the architecture. You want to bind some actions to the transaction system because you want to execute some code at the end of the first phase of the 2 phase commit. That's a completly different story than the post publishing hook. Hooking into the transaction machinery of ZODB is very easy. Write your own DateManager implementing the IDateManager interface and register it into the current transaction using get_transaction.register(DM). For your use case overwrite the tpc_vote() method of the data manager to do the indexing at the boundary between the two phases. Jens Vagenpohl's mail host and Chris McD's blob have example code for you. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Florent Guillaume wrote: I had trouble finding your branch because you put it in Zope/tiran-zpt-pydefer instead of Zope/branches/tiran-zpt-pydefer. Could you move it ? Ups, done :) Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: ZPT: defer expression fix
Jens Vagelpohl wrote: I'm assuming the unit tests still run successfully and you added unit tests for your changes. All unit tests are passing with my chances. I've to write some tests before merging my branch. I'll write them after somebody seconds my fix. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] ZPT: defer expression fix
PageTemplates have an undocumented features called defer:. It's a kind of lazy initialization of variables. I've fixed to issues in my tiran-zpt-pydefer branch (svn): * DeferWrappers weren't working inside a python expression because PythonExpr didn't know about them * DeferWrapper didn't cache the result of the expression like ordinary vars do. I would like to merge my branch into 2.7 and 2.8 if I get an ok. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: QueueCatalog Tool Inadvertantly Triggers Indexing
Ken Wasetis wrote: Is this a bug, or am I misusing or misunderstanding the tool's design? ATFile is making use of a special hook of TextIndexNG2 from Andreas Jung. The hook is called txng_get. It might (!) have to do something with the hook. That's the only thing that is special about ATFile in the sense of cataloging. I'm the main author of ATCT and the release manager of Archetypes. Please contact me if you were able to locate the issue. Christian PS: Please unfuck your mail/news client. It's not breaking the lines properly. ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Renamed the Zope package to Zope2 and including Zope 3 packages in Zope 2.8
Jim Fulton wrote: Originally, I had intended not to include any Zope 3 packages until Zope 2.9, however, Zope 2.8 has been delayed long enough that I think it makes sense to include some parts of Zope 3 sooner. I also want to use some of the Zope 3 persistent code support, which depends on zope.interface to help get ZClasses working again. I haven't decided which parts of Zope 3 should be included in Zope 2.8 and would like to get input. If you have suggestions on what to include or exclude, please respond here or on the z3-file list, where I am also posting this message. Zope 2.8 should be shipped with all stuff required for Five + some nice gimmicks like the import* helpers from utilities/. zope.interface - Zope3 interfaces are much better than the zope2 stuff zope.component - important for five zope.i18n + zope.i18nmessage - especially the l10n is very useful, also gotcha is working on a way to translate MessageIds in Zope2's ZPublisher. See PlacelessTranslationService Z3MsgId branch (I can't remember the excact name) zope.configuration - zcml is nice zope.importtool - for importtool and importorder, please also include importchecker in ZOPE_HOME/bin. I like it :) zope.schema These modules are easy to add w/o shipping Zope2 with a full installation of Zope3. Much harder but even useful are modules from zope.app like adapter, apidoc, event or the widget stuff for zope.schema. Personally zope.interface and zope.component are the most important and also useful thing I would like to see in Zope2. Christian ___ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Large folder product
Rodrigo Dias Arruda Senra wrote: - BTreeFolder ( http://zope.org/Members/hathawsh/BTreeFolder ). But it seems a bit outdated: last maintenance 2001. - Harthaway's BTreeFolder2 ( http://hathawaymix.org/Software/BTreeFolder2 ) Much more up-to-date: 16 June 2004 - And I did look for a product called "LargeFolder", but found a single reference in a e-mail, but no Product to download: http://mail.zope.org/pipermail/zope-dev/2002-December/018315.html Does any body have a URL for LargeFolder Product ? Is it the most appropriate Folder to use or BTreeFolder2 is the way to go ? All BTree based folders I know are based on Shanes second implementation BTreeFolder2. This includes Large Plone Folder and BaseBTreeFolder from Archetypes. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Placeless Translation Service
Milos Prudek wrote: where can I discuss Placeless Translation Service development? The original author Lalo Martins does not respond to emails - current PTS bears a "fork" suffix - who's in charge now? Gotcha :) Come to plone-dev or #plone on irc.freenode.net Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: zLOG is dead
Fred Drake wrote: zLOG is dead The zLOG package used for logging throughout ZODB, ZEO, and Zope 2 has been declared obsolete. All logging for Zope products will use the logging package from Python's standard library. The zLOG package still exists in Zope 2 and the separate package for ZODB, but it is now an API shim (or "façade") over the logging package. It is expected to wither away to nothing at some point. I have several questions regarding to the changes: * Do I need to take care that the messages are logged into the event log and on the console or can I safly use the logging package like:: from logging import getLogger LOG = getLogger('MyLogger') LOG.debug('foo') zLOG has logged the messages to the console when zope was started with runzope and the entries were logged to the event.log, too. * Does Zope 2.7.0 has the new logging facility? * If no: Will Zope 2.7.1 have the new logging facility or do I need to wait for Zope 2.8? ... I'm chatting with Andreas Jung right now. He is telling me that the logs don't get printed to the console and that the log level is missing in the event.log Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: class methods in Persistent objects
Syver Enstad wrote: Is it possible to have class methods on ZODB Persistent objects? I am using 3.2 so that means I am using ExtensionClass. I guess that moving to 3.3 would mean being able to use class methods? What is the expected time that the 3.3 release will be ready for production use? I dunno what you are meaning with class methods - maybe static methods or nwe style classes - but in general: You cannot use any new style class related stuff in persistent classes until zope 2.8 with new style extension class. So don't use any vars that contain python 2.2/2.3 stuff except of True and False. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: PlacelessTranslationService syntax
Milos Prudek wrote: What's the correct ZPT syntax for PlacelessTranslationService? PTS is just a translation service for ZPT. It doesn't add any functionality to ZPT. I tried this: Good morning This gets rendered into: Good morning No translation, although I do have an entry for 'Good morning' in my .po file under an 'ibc' domain. Is my syntax wrong? Maybe. Get i18ndude (google) and search for i18n docs for ZPT (google, too) :) Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Proposal: Move to subversion for source code control of the Zope and ZODB projects
Jim Fulton wrote: I propose to move from CVS to subversion for the Zope and ZODB projects; http://dev.zope.org/Zope3/MovingSCMToSubversion Initially, I propose to move just the repository heads. Maintenamce branches (e.g. Zope 2.6 and Zope 2.7) will remain in CVS. Finally ... :) +1 Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Ups, wrong list (n/t)
no text ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Next bug: base_edit and webdav lock
The base_edit template of archetypes doesn't take care of webdav looks. It's possible to save a file while it's looked. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] External Editor and Archetypes 1.3
Hi! I tested the External Editor integration with the last version of AT Document from my AT Content Types. When saving the changes I'm getting this exception: Traceback (innermost last): Module ZPublisher.Publish, line 100, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 40, in call_object Module Products.Archetypes.BaseContent, line 81, in PUT Module Products.Archetypes.Marshall, line 95, in demarshall Module Products.ATContentTypes.types.ATDocument, line 94, in setText Module Products.Archetypes.Field, line 701, in set Module Products.Archetypes.BaseUnit, line 23, in __init__ Module Products.Archetypes.BaseUnit, line 32, in update Module Products.PortalTransforms.MimeTypesRegistry, line 231, in __call__ Module Products.PortalTransforms.MimeTypesRegistry, line 181, in classify Module Products.PortalTransforms.zope.MimeTypesTool, line 65, in lookup Module Products.PortalTransforms.MimeTypesRegistry, line 126, in lookup - __traceback_info__: ("'None'", 'None') Module Products.PortalTransforms.MimeTypesRegistry, line 269, in split MimeTypeException: Malformed MIME type (None) Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] InvalidObjectReference: Attempt to store an object from a foreign database connection
Dieter Maurer wrote: Andreas Jung announced that he was able to work around a similar problem in PloneCollectorNG. He changed a class to be *not* persistent and that resovled his problem. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] InvalidObjectReference: Attempt to store an object from a foreign database connection
There is a problem regarding plone, cmf and the quickinstaller tool. I'm getting an InvalidObjectReference error after reinstalling a product with the quickinstaller a second time or several times. It looks like the error happens only after I visited the plone ui at least once but that could be concurrence. Only restarting zope stops the error until the next occurance. Version: Python 2.3.3 (Debian testing) Zope 2.7 (CVS branch) CMF 1.4 (CVS) Plone 2.0 Traceback (innermost last): Module ZPublisher.Publish, line 104, in publish Module Zope.App.startup, line 224, in commit Module ZODB.Transaction, line 233, in commit Module ZODB.Transaction, line 348, in _commit_objects Module ZODB.Connection, line 419, in commit - __traceback_info__: (('Products.CMFCore.ActionInformation', 'ActionInformation'), '\x00\x00\x00\x00\x00\x00\x9e\xe3', '') InvalidObjectReference: Attempt to store an object from a foreign database connection I tried to get the object by starting zope with zopectl debug and using app._p_jar['\x00\x00\x00\x00\x00\x00\x9e\xe3'] but the object wasn't available so it seems to be a new object that is saved the first time. After changing the pickler from cPickle to pickle: Traceback (innermost last): Module ZPublisher.Publish, line 104, in publish Module Zope.App.startup, line 224, in commit Module ZODB.Transaction, line 233, in commit Module ZODB.Transaction, line 348, in _commit_objects Module ZODB.Connection, line 419, in commit - __traceback_info__: (('Products.CMFCore.ActionInformation', 'ActionInformation'), '\x00\x00\x00\x00\x00\x00\xa2G', '') Module pickle, line 231, in dump Module pickle, line 293, in save Module pickle, line 663, in save_dict Module pickle, line 695, in _batch_setitems Module pickle, line 278, in save InvalidObjectReference: Attempt to store an object from a foreign database connection pickle.save():278 is calling self.persistent_id(obj) which is patched to call coptimizations.new_persistent (pickler.persistent_id=new_persistent_id(self, stack)) in ZODB.Connection.commit(). The exception itself is raised by persistent_id_call() because of (jar != Py_None && jar != self->jar) is true. Debugging so deep into the zodb is a bit over my knowledge so I would be glad if someone could dig in, too. :) Christian PS: CC to plone-devel and cmf ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'
Chris McDonough wrote: > FWIW, this often happens when "self" isn't ultimately wrapped in a > RequestContainer (as it always should be when dealing with TTW code or > code that depends on REQUEST). The string is likely something like > "", which is the string that > represents something when it is declared as "Acquisition.Acquired" in a > class definition. > > The trick is finding out where the thing loses its context. No clue in > this case. If it's "" then it's (maybe) partly my fault. type(self.REQUEST) is "" when the object hasn't a real acquisition context. That's for example when we are still in the __init__() part of object creation. I was pretty shure that upload_data is called in an acquisition context. It seems that it isn't called in a context under *every* circumstances. Chris - was tricked again - ti(r)an ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'
Christian Heimes wrote: [...] And the next one: Python2.3.3/Zope2.70rc2/Plone2rc5. Exception Type AttributeError Exception Value 'str' object has no attribute 'RESPONSE' [...] Module Products.CMFPhoto.Photo, line 510, in clearCache AttributeError: 'str' object has no attribute 'RESPONSE' The relevant code line is self.REQUEST.RESPONSE.setHeader(). The error occured at object creation. Something really bad is going on! Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dieter Maurer wrote: ~ > Looks like "RESPONSE" is "None". | | I do not see how this can happen... but a CMFPhoto user reported a bug like this to me today. According to his traceback self.REQUEST had now attribute RESPONSE. That's really strange. :( Time 2004/02/05 07:16:58.953 US/Pacific User Name (User Id) admin (admin) Request URL http://www.stewardville.com/photos/createObject Exception Type AttributeError Exception Value RESPONSE Traceback (innermost last): Module ZPublisher.Publish, line 98, in publish Module ZPublisher.mapply, line 88, in mapply Module ZPublisher.Publish, line 39, in call_object Module Products.CMFFormController.FSControllerPythonScript, line 87, in __call__ Module Products.CMFFormController.Script, line 127, in __call__ Module Products.CMFCore.FSPythonScript, line 104, in __call__ Module Shared.DC.Scripts.Bindings, line 306, in __call__ Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec Module Products.CMFCore.FSPythonScript, line 160, in _exec Module None, line 16, in createObject Line 16 Module Products.CMFPlone.PloneFolder, line 373, in invokeFactory Module Products.CMFCore.TypesTool, line 709, in constructContent Module Products.CMFCore.TypesTool, line 398, in constructInstance Module Products.CMFPhoto.Photo, line 110, in addPhoto Module Products.CMFPhoto.Photo, line 174, in __init__ Module Products.CMFDefault.Image, line 147, in __init__ Module OFS.Image, line 124, in __init__ Module Products.CMFPhoto.Photo, line 400, in update_data Module Products.CMFPhoto.Photo, line 510, in clearCache AttributeError: RESPONSE Used versions: Zope 2.6.4, Python 2.1.3, CMF 1.4.2, PIL 1.1.4, Plone 2.0-RC3. Christian / Tiran -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) Comment: Using GnuPG with Debian - http://enigmail.mozdev.org iD8DBQFAIwAe9aLWrfOU0PgRAsKmAJ9tJiInLW1lCV1X7f8giidCoydKOgCfUP8e ECBEAOJwkDuuTfBJx/xfsSM= =4jZP -END PGP SIGNATURE- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: 2.7 workflow not working anymore
robert wrote: Hi there, I have a DCWorkflow (running under plone 1.04) that has bean doing fine now for a year or so. Now under 2.7 I get the following traceback: [...] Module Products.VerboseSecurity.VerboseSecurityPolicy, line 272, in validate Please *read* the changelog of Zope 2.7b3 and grep for VerboseSecurity. You'll read that VS isn't working under new releases of zope 2.7. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: Where to put Zope 3 in Zope 2
I want to make the zope.interface (Zope 3 Interfaces) package available on the Zope 2 head (aka Zope 2.8). I propose to add lib/python/zope3 as a container for zope 3 packages. This new directory will be added to the path used by Zope 2. +1 I was thinking about to write a feature request for this issue about a week ago. I have to request concerning the interface package: * Could you also update the interface package of zope 2.7 or is it to late? I would like to see it in zope 2.7 but I understand that it might break some software. * Could you please provide a standalone interface package with a distutil installer so other programs and tools could make use of the interfaces without installing zope. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Re: New-style ExtensionClasses (Zope 2.8) -- MRO issue
Sidnei da Silva wrote: I'm going to fix those (after my english class) and then try something harder ;) Here is more stuff: >>> import mrohell >>> base = mrohell.step1() >>> mrohell.step2(base, mroonly=True) Couldn't get mro for Products.Archetypes.BaseBTreeFolder.BaseBTreeFolder Couldn't get mro for Products.Archetypes.BaseFolder.BaseFolder Couldn't get mro for Products.Archetypes.OrderedBaseFolder.OrderedBaseFolder Couldn't get mro for Products.GroupUserFolder.GroupUserFolder.GroupUserFolder Couldn't get mro for Products.CMFPlone.PloneFolder.BasePloneFolder Couldn't get mro for Products.CMFPlone.LargePloneFolder.LargePloneFolder Couldn't get mro for Products.Archetypes.BaseFolder.BaseFolderMixin Couldn't get mro for Products.CMFDefault.SkinnedFolder.SkinnedFolder Couldn't get mro for Products.CMFPlone.PloneFolder.PloneFolder Couldn't get mro for Products.Archetypes.ArchetypeTool.ArchetypeTool Couldn't get mro for Products.CMFFormController.Script.FSPythonScript Couldn't get mro for Products.CMFFormController.FSControllerValidator.FSControllerValidator Couldn't get mro for Products.CMFCore.FSPythonScript.FSPythonScript Couldn't get mro for Products.CMFFormController.FSControllerPythonScript.FSControllerPythonScript Couldn't get mro for Products.CMFCore.FSPageTemplate.FSPageTemplate Couldn't get mro for Products.CMFFormController.FSControllerPageTemplate.FSControllerPageTemplate Couldn't get mro for Products.CMFPlone.PropertiesTool.PropertiesTool Couldn't get mro for Products.CMFCore.FSZSQLMethod.FSZSQLMethod Couldn't get mro for Products.CMFPlone.FactoryTool.TempFolder Couldn't get mro for Products.Archetypes.OrderedBaseFolder.OrderedFolder Couldn't get mro for Products.Archetypes.examples.SimpleFolder.SimpleFolder 526 21 210 It seems that there are only several classes that cause problems: Products.CMFDefault.SkinnedFolder.SkinnedFolder Products.Archetypes.BaseFolder.BaseFolder Products.CMFCore.FS* Products.Archetypes.BaseFolder.BaseFolderMixin AFAIK most of the other classes with mro problems are just subclasses of these classes above. Christian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )