Re: [Zope-dev] Re: start_new_thread / user issue
On Tue, 13 Apr 2004, Tres Seaver wrote: Given that you trust yourself ;), you can add a security context from within the second thread; you could pass the user ID to the thread via one of several forms of currying, e.g. via instance variables:: I'm not sure if I trust myself in real life, but in this case I do. :) Your code below did not work for me because I could not find the newSecurityContext method. However, I was able to use the SecurityManagement.newSecurityManager instead, and that worked great. Thanks for pointing me in the right direction. class TrustedSecurityTask: def __init__(self, user_id): self._user_id = user_id def __call__(self, *args, **kw): sm = getSecurityManager() sm.newSecurityContext(None, User(self._user_id)) # your code here . thread = Thread(TrustedSecurityTask(user_id)) thread.start() Tres. Take care, --Toby. --- Toby Gustafson Senior Software Engineer Tyrell Software Corporation Email: [EMAIL PROTECTED] --- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] start_new_thread / user issue
Hi, Within a python file I do a call to thread.start_new_thread(...). Before this call, I am the admin user (verified by calling AccessControl.getSecurityManager().getuser().getUserName()). After the call, however, in the new thread, the user is now Anonymous User. Is there any way to somehow pass the user between threads because the code executed in the new thread needs the same permissions as the code executed in the old thread? I can obviously pass the user name to the new thread, but I'm not sure if that does me any good, because I doubt an Anonymous User would have permission to make itself another user. Any hints or suggestions would be appreciated. Thanks, --Toby. --- Toby Gustafson Senior Software Engineer Tyrell Software Corporation Email: [EMAIL PROTECTED] --- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] security issue
Hello, I am having a problem accessing a function defined in a product I have created and installed. The product is called StoreEvent, and it was created using the PloneMinimalInstall as a guide. In the StoreEvent product is a file called StoreEvent, which contains a function searchForStoreEvents. This function is outside of the StoreEvent class which is also defined in the file. I have created a page template which contains a form, and when the form is submitted, a script is executed. From that script I try to call the function with the lines: from Products.StoreEvent import StoreEvent ... storeEvents = StoreEvents.searchForStoreEvents(context, ...) When I bring up the page and submit it, I get a popup asking me to enter a username and password. When I cancel that, I get an error page with the message You are not allowed to access searchForStoreEvents in this context. I have read the security document at: http://www.zope.org/Documentation/Books/ZDG/current/Security.stx and have tried adding several things to my StoreEvent.__init__.py file, such as: modulesecurity = ModuleSecurityInfo() modulesecurity.declarePublic( \ 'Products.StoreEvent.searchForStoreEvents') modulesecurity.apply(globals()) However, nothing seems to work. Anybody have any idea what I am doing wrong. Thanks in advance, --Toby. --- Toby Gustafson Senior Software Engineer Tyrell Software Corporation Email: [EMAIL PROTECTED] --- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] FileUpload questions
Hello, I have been looking at the FileUpload class defined in HTTPRequest.py but am still a little confused about how it works. When a form is submitted with an input type=file ..., where are the contents of the uploaded file stored? Is it automatically stored in the ZODB, or is it stored in memory until some other code (like that in Image.py) stores it? The reason I am asking is that I want to store uploaded files on the file system instead of in the ZODB. (We are running Zope behind an Apache web server, so the uploaded files will be placed under Apache's document root so they can be served directly by Apache.) Being new to Zope and Python, it is not clear to me exactly how to go about this. Any suggestions would be appreciated, or if somebody knows where there is some sample code and could point me to it, that would be great too. Thanks, --Toby. --- Toby Gustafson Senior Software Engineer Tyrell Software Corporation Email: [EMAIL PROTECTED] --- ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )