[Zope-dev] Re: Improvements for Zope2's security

2006-09-19 Thread Christian Heimes
Lennart Regebro schrieb:
 You have many good points in your list of troubles. Many of them are
 resolved by using security declarations through ZCML instead. It would
 be interesting to here your views on this.

In general I preferre old and well tested security code over new
security related code. Martjin, Phillip and all the other people are
doing a great job with Five but well ... it's new code. New code tends
to break because it is not as well tested as old code.

Here is a list of my views and concerns about ZCML and Five security.
Some or all of my points might be wrong. I had only one hour time to
read code and I did no debugging or unit testing of my concerns. (NYV =
not yet verified)

* ZCML security declarations are great for Zope3 and Five classes
because their default security policy is DENY unless explictly allowed.
[NYV] The default object security of ClassSecurityInfo is
declareObjectPrivate. [NYV]

* But if you mix in subclasses of SimpleItem and others (Image, File and
many more) you ar gaining their default security setting
declareObjectPublic or declareObjectProtected(View)! It means that every
method is availableunless explictly restricted. This could lead to
security breaches. IMO it is easier to find an unprotected method by
reading code when the security declaration sits next to the method. A
checker method for unit tests could be useful.

* Comments like !--deny attributes=baz /-- !-- XXX not yet
supported -- are adding a bad gut feeling ...

* As far as I understand the security system Zope2's can't protect
attributes and descriptors (properties) with
security.declarePrivate('attributename'). The default object permission
always wins. A ZCML directive that protects an attribute or descriptor
can lead to false security assumptions. [NYV]
It is possible to protect attributes with different permissons by
hooking into __allow_access_to_unprotected_subobjects__. The class var
can be set to a bool (1 = public, 0 = private), a string (permission
name), a dict (attribute name - 0/1) or a callable. I have an idea how
to protect descriptors and attributes based on some work from Sidney for
Archetypes.

* A long time ago somebody has told me that Zope2's security works only
for objects that subclass from ExtensionClass.Base or an Acquisition
class. Is this still true or is it a false information?

Christian

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Improvements for Zope2's security

2006-09-18 Thread Christian Heimes
Hey guys!

In the past few months I fiddled around with Zope2's security and access
control code. I analysied my own code and code from other developers to
search for common errors. Also I tried to think of ways to make the
security system easier and more verbose on coding errors

I have not yet implemented all my ideas but Zope 2.10 is on the door
steps. Here is my first set of improvements.

Issue 1
===

Zope's security declarations have to be called with a method *name* AS
STRING. Developers are human beeings and human beeings tend to make
small errors like typos. Or they forget to change the security
declaration when they rename a method. Zope doesn't raise an error when
a developer adds a security declaration for a non existing method.

Have a look at the following example. It contains a tiny but devastating
typo::

security.declarePrivate('chooseProtocol')
def chooseProtocols(self, request):
...

These kinds or errors are extremly hard to find and may lead to big
security holes. By the way this example was taken from a well known and
well tested Zope addon!

Solution


The solution was very easy to implement. I created a small helper
function checkClassHasMethod() and called it in the apply() method of
AccessControl.SecurityInfo.ClassSecurityInfo. The apply() method is
called at startup. The code doesn't slow down requests.

Issue 2
===

Another way to introduce security breaches is to forget the
InitializeClass() call. The call is responsable for applying the
informations from a ClassSecurityInfo. Without the call all security
settings made through security.declare* are useless.

The good news is: Even if a developer forgets to call the method
explictly in his code the function is called implictly.

The implicit call was hard to find for me at first. I struggled with the
code in OFS.Image because there is an import of InitializeClass but it
is never called. Never the less the security informations are somehow
merged automagically. After some digging I found the code that is
responsible for the magic. It's ExtensionClass' __class_init__ magic and
OFS.ObjectManager.ObjectManager.__class_init__

Now the bad news: The magic doesn't work under some conditions. For
example if you class doesn't subclass ObjectManager or if you monkey
patch a class with security info object you have to call InitializeClass
explictly.

Solution


Not yet finished. I've created a function checkObjectHasSecurityInfo()
and added a call to ZPublisher.BaseRequest.DefaultPublishTraverse but it
is untested.

Issue 3
===

Developers are lazy and they like to make typos. No one likes to type
security.declarePrivate('chooseProtocol') so we are using copy  paste
which may cause even more typos. Wouldn't it be cool to get rid of
security. and typing the name of the method twice? Let's use decorators!
Here is the doc test example from my patch:

Solution


Security decorators are an alternative syntax to define security
declarations on classes.

 from ExtensionClass import Base
 from AccessControl import ClassSecurityInfo
 from AccessControl.decorator import declarePublic
 from AccessControl.decorator import declarePrivate
 from AccessControl.decorator import declareProtected
 from AccessControl.Permissions import view as View
 from Globals import InitializeClass

 class DecoratorExample(Base):
... '''decorator example'''
...
... security = ClassSecurityInfo()
...
... @declarePublic
... def publicMethod(self):
... public method
...
... @declarePrivate
... def privateMethod(self):
... private method
...
... @declareProtected(View)
... def protectedByView(self):
... method protected by View
...
 InitializeClass(DecoratorExample)


With the new syntax you have to type only 15 letters instead of 41!

Issue 4
===

Some methods shouldn't be callable from certain types of request
methods. For example there is no need that the webdav DELETE and PROP*
methods should be callable from an ordinary HTTP GET request. I don't
want to go into details. Some people know why :)

Solution


Only a small subset is implemented. There are two methods in my patch to
either whitelist or blacklist a request method. An older version of my
patch contained even code to distinguish between request types (ftp,
http, ftp, xml-rpc) but Jim told me in a private mail it's kind of YAGNI.

At the moment blacklistRequestMethod() and whitelistRequestMethod() have
to be called explictly inside a method. There is no way to protect
methods via security.blacklistRequestMethod() or @blacklistRequestMethod.

I have two ideas to implement such security declarations but both ways
are complicated and hard to implement. An ordinary decorator doesn't
work because it messes up with ZPublisher.mapply.

The following code does NOT work with POST requests because mapply is
using introspection to get the names and default values of a method. The
decorator has a different 

[Zope-dev] Re: 2.8.0b1 issues with plone 2.0.5

2005-04-25 Thread Christian Heimes
Tim Hicks wrote:
Apologies if this is already known about...
I just installed 2.8.0b1 (using python 2.3.5), fired it up, then tried to
add a 'plone site' (2.0.5).  The plone site actually did get added, but
here's what I got as well:
For the notes:
Latest versions of Plone 2.1 and CMF 1.4 are mostly working with Zope 
2.8. There are some issues due some changes in the ZCatalog api.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: BTreeFolder2 for Zope 2.8?

2005-04-23 Thread Christian Heimes
Andreas Jung wrote:
Any objections to move BTreeFolder2 into the Zope core for Zope 2.8?
BTF is widely used in  the Zope, CMF  Plone world and it would not hurt
to ship it with Zope.
+1
Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: ZPT: defer expression fix

2005-04-08 Thread Christian Heimes
Evan Simpson wrote:
Christian Heimes wrote:
That's an interessting use case. Do you want me to keep the code and 
make up a new expression? I'm thinking about lazy:.

If you have a particular use for defer: that would justify the split, 
please go ahead.  I have no particular interest in keeping it.
I left defer: like it was coded by you and added a new expression lazy: 
that is working like a lazy initialization variable.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: ZPT: defer expression fix

2005-04-08 Thread Christian Heimes
Tres Seaver wrote:
I'd be glad to help with that, Christian.
I've added a doc string to the DeferExpr module. Do you want me to write 
 more docs is it enough to be added to the ZPT guide?

Also I need a little help for the unit tests. How can I emulate 
tal:content or similar inside an expression test?

Except of some missing unit tests the branch is ready to merge. I would 
like to get the changes into Zope 2.7.6 so we could use them for Plone 
2.1.0.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: ZPT: defer expression fix

2005-04-02 Thread Christian Heimes
Dieter Maurer wrote:
Maybe, the feature could get documented as well...
An undocumented feature is only half valuable...
+1
Is there anybody out there who can help me with the docs? I need someone 
to translate my english into real and nice english and someone with the 
permissions to update the ZPT docs at zope.org.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: post publishing hook

2005-04-01 Thread Christian Heimes
Florent Guillaume wrote:
I really could use a post publishing hook.
Standard use case: delay indexing at the end of the request to only do 
it once per object even if the object has been modified 4 times.
Using a post publishing hook for this use case isn't a good idea - IMO. 
The Publisher has nothing to with indexing. It's a completly different 
part of the architecture.

You want to bind some actions to the transaction system because you want 
to execute some code at the end of the first phase of the 2 phase 
commit. That's a completly different story than the post publishing 
hook. Hooking into the transaction machinery of ZODB is very easy. Write 
your own DateManager implementing the IDateManager interface and 
register it into the current transaction using get_transaction.register(DM).

For your use case overwrite the tpc_vote() method of the data manager to 
do the indexing at the boundary between the two phases.

Jens Vagenpohl's mail host and Chris McD's blob have example code for you.
Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: ZPT: defer expression fix

2005-03-29 Thread Christian Heimes
Florent Guillaume wrote:
I had trouble finding your branch because you put it in
Zope/tiran-zpt-pydefer instead of Zope/branches/tiran-zpt-pydefer.
Could you move it ?
Ups, done :)
Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] ZPT: defer expression fix

2005-03-28 Thread Christian Heimes
PageTemplates have an undocumented features called defer:. It's a kind 
of lazy initialization of variables.

I've fixed to issues in my tiran-zpt-pydefer branch (svn):
 * DeferWrappers weren't working inside a python expression because 
PythonExpr didn't know about them

 * DeferWrapper didn't cache the result of the expression like ordinary 
vars do.

I would like to merge my branch into 2.7 and 2.8 if I get an ok.
Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: ZPT: defer expression fix

2005-03-28 Thread Christian Heimes
Jens Vagelpohl wrote:
I'm assuming the unit tests still run successfully and you added unit 
tests for your changes.
All unit tests are passing with my chances. I've to write some tests 
before merging my branch. I'll write them after somebody seconds my fix.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: QueueCatalog Tool Inadvertantly Triggers Indexing

2005-02-19 Thread Christian Heimes
Ken Wasetis wrote:
Is this a bug, or am I misusing or misunderstanding the tool's design?
ATFile is making use of a special hook of TextIndexNG2 from Andreas 
Jung. The hook is called txng_get. It might (!) have to do something 
with the hook. That's the only thing that is special about ATFile in the 
sense of cataloging.

I'm the main author of ATCT and the release manager of Archetypes. 
Please contact me if you were able to locate the issue.

Christian
PS: Please unfuck your mail/news client. It's not breaking the lines 
properly.

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Renamed the Zope package to Zope2 and including Zope 3 packages in Zope 2.8

2005-02-01 Thread Christian Heimes
Jim Fulton wrote:
Originally, I had intended not to include any Zope 3 packages until
Zope 2.9, however, Zope 2.8 has been delayed long enough that I think
it makes sense to include some parts of Zope 3 sooner.  I also want
to use some of the Zope 3 persistent code support, which depends on
zope.interface to help get ZClasses working again.  I haven't decided
which parts of Zope 3 should be included in Zope 2.8 and would like to
get input.  If you have suggestions on what to include or exclude,
please respond here or on the z3-file list, where I am also posting
this message.
Zope 2.8 should be shipped with all stuff required for Five + some nice 
gimmicks like the import* helpers from utilities/.

zope.interface - Zope3 interfaces are much better than the zope2 stuff
zope.component - important for five
zope.i18n + zope.i18nmessage - especially the l10n is very useful, also 
gotcha is working on a way to translate MessageIds in Zope2's 
ZPublisher. See PlacelessTranslationService Z3MsgId branch (I can't 
remember the excact name)
zope.configuration - zcml is nice
zope.importtool - for importtool and importorder, please also include 
importchecker in ZOPE_HOME/bin. I like it :)
zope.schema

These modules are easy to add w/o shipping Zope2 with a full 
installation of Zope3. Much harder but even useful are modules from 
zope.app like adapter, apidoc, event or the widget stuff for zope.schema.

Personally zope.interface and zope.component are the most important and 
also useful thing I would like to see in Zope2.

Christian
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Large folder product

2004-08-13 Thread Christian Heimes
Rodrigo Dias Arruda Senra wrote:
 - BTreeFolder ( http://zope.org/Members/hathawsh/BTreeFolder ).
   But it seems a bit outdated: last maintenance 2001.
 - Harthaway's BTreeFolder2 ( http://hathawaymix.org/Software/BTreeFolder2 )
   Much more up-to-date:  16 June 2004
 - And I did look for a product called LargeFolder, but found a single
   reference in a e-mail, but no Product to download: 
   http://mail.zope.org/pipermail/zope-dev/2002-December/018315.html 

Does any body have a URL for LargeFolder Product ? Is it the most appropriate
Folder to use or BTreeFolder2 is the way to go ?
All BTree based folders I know are based on Shanes second implementation 
BTreeFolder2. This includes Large Plone Folder and BaseBTreeFolder from 
Archetypes.

Christian
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Placeless Translation Service

2004-06-02 Thread Christian Heimes
Milos Prudek wrote:
where can I discuss Placeless Translation Service development?
The original author Lalo Martins does not respond to emails - current 
PTS bears a fork suffix - who's in charge now?
Gotcha :)
Come to plone-dev or #plone on irc.freenode.net
Christian
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: zLOG is dead

2004-04-20 Thread Christian Heimes
Fred Drake wrote:

zLOG is dead

The zLOG package used for logging throughout ZODB, ZEO, and Zope 2 has
been declared obsolete.  All logging for Zope products will use the
logging package from Python's standard library.
The zLOG package still exists in Zope 2 and the separate package for
ZODB, but it is now an API shim (or fa├žade) over the logging
package.  It is expected to wither away to nothing at some point.
I have several questions regarding to the changes:

* Do I need to take care that the messages are logged into the event log 
and on the console or can I safly use the logging package like::

  from logging import getLogger
  LOG = getLogger('MyLogger')
  LOG.debug('foo')
zLOG has logged the messages to the console when zope was started with 
runzope and the entries were logged to the event.log, too.

* Does Zope 2.7.0 has the new logging facility?

* If no: Will Zope 2.7.1 have the new logging facility or do I need to 
wait for Zope 2.8?

...

I'm chatting with Andreas Jung right now. He is telling me that the logs 
don't get printed to the console and that the log level is missing in 
the event.log

Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: class methods in Persistent objects

2004-04-16 Thread Christian Heimes
Syver Enstad wrote:
Is it possible to have class methods on ZODB Persistent objects? I am
using 3.2 so that means I am using ExtensionClass. 

I guess that moving to 3.3 would mean being able to use class methods?
What is the expected time that the 3.3 release will be ready for
production use?
I dunno what you are meaning with class methods - maybe static methods 
or nwe style classes - but in general:

You cannot use any new style class related stuff in persistent classes 
until zope 2.8 with new style extension class. So don't use any vars 
that contain python 2.2/2.3 stuff except of True and False.

Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: PlacelessTranslationService syntax

2004-04-13 Thread Christian Heimes
Milos Prudek wrote:
What's the correct ZPT syntax for PlacelessTranslationService?
PTS is just a translation service for ZPT. It doesn't add any 
functionality to ZPT.

I tried this:

b i18n:translate= i18n:domain=ibc i18n:target=string:czGood 
morning/b

This gets rendered into:  bGood morning/b

No translation, although I do have an entry for 'Good morning' in my .po 
file under an 'ibc' domain.

Is my syntax wrong?
Maybe. Get i18ndude (google) and search for i18n docs for ZPT (google, 
too) :)

Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Proposal: Move to subversion for source code control of the Zope and ZODB projects

2004-04-11 Thread Christian Heimes
Jim Fulton wrote:
I propose to move from CVS to subversion for the Zope and ZODB projects;

  http://dev.zope.org/Zope3/MovingSCMToSubversion

Initially, I propose to move just the repository heads. Maintenamce
branches (e.g. Zope 2.6 and Zope 2.7) will remain in CVS.
Finally ... :)
+1
Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] External Editor and Archetypes 1.3

2004-04-05 Thread Christian Heimes
Hi!

I tested the External Editor integration with the last version of AT 
Document from my AT Content Types. When saving the changes I'm getting 
this exception:

Traceback (innermost last):
  Module ZPublisher.Publish, line 100, in publish
  Module ZPublisher.mapply, line 88, in mapply
  Module ZPublisher.Publish, line 40, in call_object
  Module Products.Archetypes.BaseContent, line 81, in PUT
  Module Products.Archetypes.Marshall, line 95, in demarshall
  Module Products.ATContentTypes.types.ATDocument, line 94, in setText
  Module Products.Archetypes.Field, line 701, in set
  Module Products.Archetypes.BaseUnit, line 23, in __init__
  Module Products.Archetypes.BaseUnit, line 32, in update
  Module Products.PortalTransforms.MimeTypesRegistry, line 231, in __call__
  Module Products.PortalTransforms.MimeTypesRegistry, line 181, in classify
  Module Products.PortalTransforms.zope.MimeTypesTool, line 65, in lookup
  Module Products.PortalTransforms.MimeTypesRegistry, line 126, in lookup
   - __traceback_info__: ('None', 'None')
  Module Products.PortalTransforms.MimeTypesRegistry, line 269, in split
MimeTypeException: Malformed MIME type (None)
Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Next bug: base_edit and webdav lock

2004-04-05 Thread Christian Heimes
The base_edit template of archetypes doesn't take care of webdav looks. 
It's possible to save a file while it's looked.

Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] InvalidObjectReference: Attempt to store an object from a foreign database connection

2004-03-29 Thread Christian Heimes
There is a problem regarding plone, cmf and the quickinstaller tool. I'm 
getting an InvalidObjectReference error after reinstalling a product 
with the quickinstaller a second time or several times. It looks like 
the error happens only after I visited the plone ui at least once but 
that could be concurrence. Only restarting zope stops the error until 
the next occurance.

Version: Python 2.3.3 (Debian testing)
 Zope 2.7 (CVS branch)
 CMF 1.4 (CVS)
 Plone 2.0
Traceback (innermost last):
  Module ZPublisher.Publish, line 104, in publish
  Module Zope.App.startup, line 224, in commit
  Module ZODB.Transaction, line 233, in commit
  Module ZODB.Transaction, line 348, in _commit_objects
  Module ZODB.Connection, line 419, in commit
   - __traceback_info__: (('Products.CMFCore.ActionInformation', 
'ActionInformation'), '\x00\x00\x00\x00\x00\x00\x9e\xe3', '')
InvalidObjectReference: Attempt to store an object from a foreign 
database connection

I tried to get the object by starting zope with zopectl debug and using 
app._p_jar['\x00\x00\x00\x00\x00\x00\x9e\xe3'] but the object wasn't 
available so it seems to be a new object that is saved the first time.

After changing the pickler from cPickle to pickle:

Traceback (innermost last):
  Module ZPublisher.Publish, line 104, in publish
  Module Zope.App.startup, line 224, in commit
  Module ZODB.Transaction, line 233, in commit
  Module ZODB.Transaction, line 348, in _commit_objects
  Module ZODB.Connection, line 419, in commit
   - __traceback_info__: (('Products.CMFCore.ActionInformation', 
'ActionInformation'), '\x00\x00\x00\x00\x00\x00\xa2G', '')
  Module pickle, line 231, in dump
  Module pickle, line 293, in save
  Module pickle, line 663, in save_dict
  Module pickle, line 695, in _batch_setitems
  Module pickle, line 278, in save
InvalidObjectReference: Attempt to store an object from a foreign 
database connection

pickle.save():278 is calling self.persistent_id(obj) which is patched to 
call coptimizations.new_persistent 
(pickler.persistent_id=new_persistent_id(self, stack)) in 
ZODB.Connection.commit(). The exception itself is raised by 
persistent_id_call() because of (jar != Py_None  jar != self-jar) is 
true.

Debugging so deep into the zodb is a bit over my knowledge so I would be 
glad if someone could dig in, too. :)

Christian

PS: CC to plone-devel and cmf

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] InvalidObjectReference: Attempt to store an object from a foreign database connection

2004-03-29 Thread Christian Heimes
Dieter Maurer wrote:
Andreas Jung announced that he was able to work around a similar
problem in PloneCollectorNG.
He changed a class to be *not* persistent and that resovled his problem.

Christian



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'

2004-02-07 Thread Christian Heimes
Chris McDonough wrote:
 FWIW, this often happens when self isn't ultimately wrapped in a
 RequestContainer (as it always should be when dealing with TTW code or
 code that depends on REQUEST).  The string is likely something like
 Special Object Used To Force Acqusition, which is the string that
 represents something when it is declared as Acquisition.Acquired in a
 class definition.

 The trick is finding out where the thing loses its context.  No clue in
 this case.
If it's Special Object Used To Force Acqusition then it's (maybe) 
partly my fault. type(self.REQUEST) is Special Object Used To Force 
Acqusition when the object hasn't a real acquisition context. That's 
for example when we are still in the __init__() part of object creation.

I was pretty shure that upload_data is called in an acquisition context. 
It seems that it isn't called in a context under *every* circumstances.

Chris - was tricked again - ti(r)an

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'

2004-02-06 Thread Christian Heimes
Christian Heimes wrote:
[...]
And the next one:

Python2.3.3/Zope2.70rc2/Plone2rc5.

Exception Type
AttributeError
Exception Value
'str' object has no attribute 'RESPONSE'
[...]
Module Products.CMFPhoto.Photo, line 510, in clearCache
AttributeError: 'str' object has no attribute 'RESPONSE'
The relevant code line is self.REQUEST.RESPONSE.setHeader(). The error
occured at object creation.
Something really bad is going on!

Christian

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: Zope2.7.0rc2 AttributeError: 'NoneType' object has no attribute 'setHeader'

2004-02-05 Thread Christian Heimes
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dieter Maurer wrote:
~  Looks like RESPONSE is None.
|
| I do not see how this can happen...
aol / but a CMFPhoto user reported a bug like this to me today.
According to his traceback self.REQUEST had now attribute RESPONSE.
That's really strange. :(
Time 2004/02/05 07:16:58.953 US/Pacific
User Name (User Id) admin (admin)
Request URL
http://www.stewardville.com/photos/createObject
Exception Type AttributeError
Exception Value RESPONSE
Traceback (innermost last):

Module ZPublisher.Publish, line 98, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 39, in call_object
Module
Products.CMFFormController.FSControllerPythonScript,
line 87, in __call__
Module Products.CMFFormController.Script, line 127, in
__call__
Module Products.CMFCore.FSPythonScript, line 104, in
__call__
Module Shared.DC.Scripts.Bindings, line 306, in
__call__
Module Shared.DC.Scripts.Bindings, line 343, in
_bindAndExec
Module Products.CMFCore.FSPythonScript, line 160, in
_exec
Module None, line 16, in createObject
FSControllerPythonScript at
/stewardville/createObject used for
/stewardville/photos
Line 16
Module Products.CMFPlone.PloneFolder, line 373, in
invokeFactory
Module Products.CMFCore.TypesTool, line 709, in
constructContent
Module Products.CMFCore.TypesTool, line 398, in
constructInstance
Module Products.CMFPhoto.Photo, line 110, in addPhoto
Module Products.CMFPhoto.Photo, line 174, in __init__
Module Products.CMFDefault.Image, line 147, in
__init__
Module OFS.Image, line 124, in __init__
Module Products.CMFPhoto.Photo, line 400, in
update_data
Module Products.CMFPhoto.Photo, line 510, in
clearCache
AttributeError: RESPONSE
Used versions: Zope 2.6.4, Python 2.1.3, CMF
1.4.2, PIL 1.1.4, Plone 2.0-RC3.
Christian / Tiran
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Debian - http://enigmail.mozdev.org
iD8DBQFAIwAe9aLWrfOU0PgRAsKmAJ9tJiInLW1lCV1X7f8giidCoydKOgCfUP8e
ECBEAOJwkDuuTfBJx/xfsSM=
=4jZP
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


[Zope-dev] Re: New-style ExtensionClasses (Zope 2.8) -- MRO issue

2003-11-24 Thread Christian Heimes
Sidnei da Silva wrote:
I'm going to fix those (after my english class) and then try something
harder ;)
Here is more stuff:

 import mrohell
 base = mrohell.step1()
 mrohell.step2(base, mroonly=True)
Couldn't get mro for  Products.Archetypes.BaseBTreeFolder.BaseBTreeFolder
Couldn't get mro for  Products.Archetypes.BaseFolder.BaseFolder
Couldn't get mro for 
Products.Archetypes.OrderedBaseFolder.OrderedBaseFolder
Couldn't get mro for 
Products.GroupUserFolder.GroupUserFolder.GroupUserFolder
Couldn't get mro for  Products.CMFPlone.PloneFolder.BasePloneFolder
Couldn't get mro for  Products.CMFPlone.LargePloneFolder.LargePloneFolder
Couldn't get mro for  Products.Archetypes.BaseFolder.BaseFolderMixin
Couldn't get mro for  Products.CMFDefault.SkinnedFolder.SkinnedFolder
Couldn't get mro for  Products.CMFPlone.PloneFolder.PloneFolder
Couldn't get mro for  Products.Archetypes.ArchetypeTool.ArchetypeTool
Couldn't get mro for  Products.CMFFormController.Script.FSPythonScript
Couldn't get mro for 
Products.CMFFormController.FSControllerValidator.FSControllerValidator
Couldn't get mro for  Products.CMFCore.FSPythonScript.FSPythonScript
Couldn't get mro for 
Products.CMFFormController.FSControllerPythonScript.FSControllerPythonScript
Couldn't get mro for  Products.CMFCore.FSPageTemplate.FSPageTemplate
Couldn't get mro for 
Products.CMFFormController.FSControllerPageTemplate.FSControllerPageTemplate
Couldn't get mro for  Products.CMFPlone.PropertiesTool.PropertiesTool
Couldn't get mro for  Products.CMFCore.FSZSQLMethod.FSZSQLMethod
Couldn't get mro for  Products.CMFPlone.FactoryTool.TempFolder
Couldn't get mro for  Products.Archetypes.OrderedBaseFolder.OrderedFolder
Couldn't get mro for  Products.Archetypes.examples.SimpleFolder.SimpleFolder
526 21 210

It seems that there are only several classes that cause problems:
Products.CMFDefault.SkinnedFolder.SkinnedFolder
Products.Archetypes.BaseFolder.BaseFolder
Products.CMFCore.FS*
Products.Archetypes.BaseFolder.BaseFolderMixin
AFAIK most of the other classes with mro problems are just subclasses of 
these classes above.

Christian



___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )