Re: [Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-13 Thread Michael R. Bernstein

On Wed, 2001-09-12 at 22:45, Erik Enge wrote:
 [Evan Simpson]
 
 | If you grab OFS/Traversal.py (I think) from the CVS root, it should
 | fix the problem.
 
 *scabbers off to the CVS*  Thanks! :)

Eeew!

I hope you meant 'scampers', as I have horrific visions of what
'scabbering off' would look like...

Michael.


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-13 Thread Erik Enge

[Michael R. Bernstein]

| On Wed, 2001-09-12 at 22:45, Erik Enge wrote:
|  
|  *scabbers off to the CVS*  Thanks! :)
| 
| Eeew!
| 
| I hope you meant 'scampers', as I have horrific visions of what
| 'scabbering off' would look like...

Hehe!  Oops... Yeah, that's what I meant.  Ever since I started
learing French my English has started to suck.  Maybe it's only
mental.  ;-)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



[Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-12 Thread James Johnson

Don't know if this helps,

http://lists.zope.org/pipermail/zope-dev/2000-December/008524.html

x.unrestrictedTraverse(('','y','z'))

_
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-12 Thread Evan Simpson

Steve Alexander wrote:

 ... which you can't use from restricted things like (Script) Pythons and 
  DTML Methods. So, the answer lies in External Methods and Python 
 Products. If only I could remember what the question was...

There was a bug, fixed in 2.4.1, with restrictedTraverse across 
__bobo_traverse__ when the security is controlled by the container 
rather than the target object.  If you grab OFS/Traversal.py (I think) 
from the CVS root, it should fix the problem.

Cheers,

Evan @ Zope





___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-12 Thread Erik Enge

[Evan Simpson]

| If you grab OFS/Traversal.py (I think) from the CVS root, it should
| fix the problem.

*scabbers off to the CVS*  Thanks! :)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



[Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-11 Thread Erik Enge

Hi!

I've have this custom __bobo_traverse__ hook:

def __bobo_traverse__(self, REQUEST, name):
Intercept the traversal
if name:
if hasattr(self, name):
return getattr(self, name)

When I call the object like this:

  /objecta

ie. using __call__ (I guess); everything is ok.  It renders the
index_html (which is a DTMLFile) as expected.  However, when I do
this:

  /objecta/index_html

it raises an Unauthorized on me.  I can't understand why.  I thought
it might have something to do with docstrings, so I tried this:

  def index_html(self):
  we have a doc string
  return DTMLFile('index_html', globals())

And that worked (it didn't render the DTML, but I know how to fix
that).  Making it go back to this:

  index_html = DTMLFile('index_html', globals())

raised an Unauthorized on me again.

Here's the full traceback:

Traceback (innermost last):
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 
223, in publish_module
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 
187, in publish
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 
171, in publish
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/mapply.py, line 
160, in mapply
(Object: object_manager_index)
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/ZPublisher/Publish.py, line 
112, in call_object
(Object: object_manager_index)
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/Shared/DC/Scripts/Bindings.py,
 line 324, in __call__
(Object: object_manager_index)
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/Shared/DC/Scripts/Bindings.py,
 line 354, in _bindAndExec
(Object: object_manager_index)
  File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/App/special_dtml.py, 
line 236, in _exec
(Object: object_manager_index)
  File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/DTMLMethod.py, 
line 182, in __call__
(Object: standard_html_footer)
  File 
/home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/DocumentTemplate/DT_String.py,
 line 538, in __call__
(Object: standard_html_footer)
  File /home/erik/development/zope-farm/OtherProducts/WarpFramework/user.py, line 89, 
in on_access
(Object: api)
  File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/Traversable.py, 
line 223, in restrictedTraverse
(Object: api)
  File /home/erik/development/zope-farm/Zope-2.3.1-src/lib/python/OFS/Traversable.py, 
line 190, in unrestrictedTraverse
(Object: api)
Unauthorized: index_html

I also tried adding:

  __allow_access_to_unprotected_subobjects__ = 1

just for good measure, but that didn't help either.

Any help on this is greatly appretiated.  :-)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Getting Unauthorized from __bobo_traverse__.

2001-09-11 Thread Erik Enge

[Erik Enge]

|   def index_html(self):
|   we have a doc string
|   return DTMLFile('index_html', globals())
| 
| And that worked [...]

Actually it doesn't.  Don't know why I thought it did.

This however does work:

   index_html__roles__ = ['Manager']
   def index_html(self):
   we have a doc string
   return DTMLFile('index_html', globals())
 
There's something here I don't understand.  My __bobo_traverse__
raises an unauthorized:

def __bobo_traverse__(self, REQUEST, name):
Intercept the traversal
if name:
if hasattr(self, name):
return getattr(self, name)

self = my_object at somewhere
REQUEST = the correct mapping object
name = 'index_html'

If I comment the __bobo_traverse__ away, the one in Application.py is
used:

def __bobo_traverse__(self, REQUEST, name=None):
try: return getattr(self, name)
except AttributeError: pass
[snip]

I've snipped it, because in this case getattr() always works.

self = Application at somewhere
REQUEST = the correct mapping object
name = 'account'

And this one doesn't raise an Unauthorized (and the name is different
- maybe there is traversal going on elsewhere too?).

Anyone been there done that before?

Thanks in advance. :)

___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )