Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-21 Thread Jim Fulton
Andreas Jung wrote:

I came across the following problem while trying to fix the broken FTP
service for Zope 2.8:

ObjectManager.manage_FTPstat() tries to access
self.manage_FTPlist.__roles__ whose value is ('Manager',) in Zope 2.7.
In 2.8 this attribute is not available. Can someone explain how and
where this attribute is set in Zope 2.7 and why it is no longer
available in Zope 2.8 (has it anything to do with new-style classes
in 2.8)?

Dieter's response is right.  Classic extension classes
had a method-attribute mechanism that isn't available in new-style
extension classes.

There is a new API for getting the roles for an object:

  from AccessControl.ZopeSecurityPolicy import getRoles

Now, suppose we wanted the roles for attribute 'x' on an
object:

  roles = getRoles(ob, 'x', ob.x)

This works for methods *and* for other objects that
don't have their own '__roles__' attribute.  For example,
it could be used for attributes whose values are strings.
It means that you can now protect *any* attribute.  Technically,
there is no longer a need for unprotected subobjects.  In this
regard, Zope 2 has become a little bit more like Zope 3.

It also works for objects that do have their own __roles__
attribute.  It actually checks for a __roles__ attribute on
the third object passed.

For now, this API is the preferred way to do what you want.

Jim
--
Jim Fulton         mailto:[EMAIL PROTECTED]   Python Powered!
CTO                (540) 361-1714          http://www.python.org
Zope Corporation   http://www.zope.com     http://www.zope.org
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )


Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-21 Thread Jim Fulton
You didn't use the getattr that Dieter suggested.
But see my other follow on note.
Jim
Andreas Jung wrote:

--On Sunday, 20 February 2005 19:42 +0100 Dieter Maurer
[EMAIL PROTECTED] wrote:

You can use the getattr above to resolve the attribute.

That really did not help:

-> print getattr(self.manage_FTPlist, '__roles__')
(Pdb)
AttributeError: 'function' object has no attribute '__roles__'

/develop/sandboxes/Zope/Zope/lib/python/OFS/ObjectManager.py(669)manage_FTPstat()

-> print getattr(self.manage_FTPlist, '__roles__')
(Pdb) dir(self.manage_FTPlist)
['__call__', '__class__', '__cmp__', '__delattr__', '__doc__',
'__get__', '__getattribute__', '__hash__', '__init__', '__new__',
'__reduce__', '__reduce_ex__', '__repr__', '__setattr__', '__str__',
'im_class', 'im_func', 'im_self']
(Pdb) self.manage_FTPlist
<bound method Application.manage_FTPlist of <OFS.Application.Application
object at 0xb761fcec>>
(Pdb) self.manage_FTPlist.__dict__
{}

So there must be more magic involved to get this code running again.
Andreas


__roles__ hack (was Re: [Zope-dev] method attribute __roles__ in Zope 2.8)

2005-02-21 Thread Jim Fulton
Why do we have __roles__ in the first place?  After all, when we
declare protections for our classes, we do so with permissions.
The answer lies in a terrible mistake I made years ago.

Long before Principia, there was Bobo. Bobo originally had a security
model based on roles.  Objects had a __roles__ attribute and the security
model tried to determine if a user had any of the roles on that object.

Later, but still long before Principia, we added the concept of permissions.
Objects required permissions to access them.  Users were granted roles
and managers could map roles to permissions.  When this change was made,
we had lots of software that used the older __roles__ model.  To ease
transition, we created a computed roles attribute that:

- Determined the permission required by an object

- Looked at the role-permission map for that object and
  all of the acquired role-permission maps to compute the roles
  that had the permission and returned this set of roles
  as the value of the __roles__ attribute.

So far so good.

The terrible mistake was to never transition our software away from
this transitional hack.  Shame on me.  Not only did we perpetuate a hack,
but, I think, we made the security system more complicated than it should
have been.  After all, developers declared the permissions required to access
their objects, but the run-time system seemed to work with roles.

When doing the initial work on 2.8, I hoped to remove this hack, but I
wasn't able to.  I had enough to do to integrate new-style extension
class and I couldn't spend the extra time needed to clean this up.  I
do still think it would be good to clean this up, although I still
don't have time to do this myself.  I think Zope 2 will be with us for
a long time, so I think cleaning this up would be worthwhile.

I would also like to look at backporting the Zope 3 security system
to Zope 2.  I'm not certain that this will be feasible, but I'd like
to look at it for Zope 2.9.  The __roles__ hack doesn't exist in the
Zope 3 security model, so porting the Zope 3 security system to Zope
2 would clean up the __roles__ hack.

I don't know if anyone is interested in working on either backporting the
Zope 3 security system, or on just cleaning up the Zope 2 security system.
If so, I'd be happy to provide advice.

Jim
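
The computed __roles__ attribute described in the message above, modelled in plain Python 3 as an added example (not code from the thread or from Zope). Node, computed_roles, allowed, the no_acquire switch and the permission and role names in the sample tree are constructed for illustration.

```python
class Node:
    """Constructed stand-in for an object in a containment (acquisition) chain."""

    def __init__(self, name, parent=None, permission=None, role_map=None,
                 no_acquire=()):
        self.name = name
        self.parent = parent
        self.permission = permission       # permission required to access this object
        self.role_map = role_map or {}     # local map: permission -> roles holding it
        self.no_acquire = set(no_acquire)  # assumption: permissions that stop acquiring

    @property
    def __roles__(self):
        # The transitional attribute: computed on every access, never stored.
        return computed_roles(self)


def computed_roles(ob):
    perm = ob.permission                   # step 1: permission required by the object
    roles, node = set(), ob
    while node is not None:                # step 2: local map, then acquired maps
        roles.update(node.role_map.get(perm, ()))
        if perm in node.no_acquire:
            break
        node = node.parent
    return tuple(sorted(roles))


def allowed(user_roles, ob):
    """Role-based check: does the user hold any role listed in ob.__roles__?"""
    return bool(set(user_roles) & set(ob.__roles__))


# Constructed sample tree: root -> folder -> doc, plus a locked sibling.
root = Node('root', role_map={'FTP access': ['Manager'],
                              'View': ['Anonymous', 'Manager']})
folder = Node('folder', parent=root, role_map={'FTP access': ['Owner']})
doc = Node('doc', parent=folder, permission='FTP access')
locked = Node('locked', parent=root, permission='FTP access',
              role_map={'FTP access': ['Owner']}, no_acquire=['FTP access'])
```

Code that reads doc.__roles__ sees only role names, although the declaration on doc names a permission; changing a map on folder or root changes the result without touching doc.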


Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-21 Thread Jim Fulton
Andreas Jung wrote:

I came across the following problem while trying to fix the broken FTP
service for Zope 2.8:

ObjectManager.manage_FTPstat() tries to access
self.manage_FTPlist.__roles__

Why is it trying to do this?

Jim


Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-21 Thread Andreas Jung

--On Monday, 21 February 2005 9:17 -0500 Jim Fulton [EMAIL PROTECTED]
wrote:

Andreas Jung wrote:

I came across the following problem while trying to fix the broken FTP
service for Zope 2.8:

ObjectManager.manage_FTPstat() tries to access
self.manage_FTPlist.__roles__

Why is it trying to do this?

No idea :-)  But using getRoles() as you suggest resolved the issue and
the FTP server is running fine again.

Andreas


[Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-20 Thread Andreas Jung
I came across the following problem while trying to fix the broken FTP
service for Zope 2.8:

ObjectManager.manage_FTPstat() tries to access
self.manage_FTPlist.__roles__ whose value is ('Manager',) in Zope 2.7.
In 2.8 this attribute is not available. Can someone explain how and
where this attribute is set in Zope 2.7 and why it is no longer
available in Zope 2.8 (has it anything to do with new-style classes
in 2.8)?

Being-completely-clueless,
Andreas


Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-20 Thread Dieter Maurer
Andreas Jung wrote at 2005-2-20 12:33 +0100:

I came across the following problem while trying to fix the broken FTP
service for Zope 2.8:

ObjectManager.manage_FTPstat() tries to access
self.manage_FTPlist.__roles__ whose value is ('Manager',) in Zope 2.7.
In 2.8 this attribute is not available.

In Zope 2.7 and before, ExtensionClass methods were magic objects.

  When you used method.attr, then the method actually
  used getattr(method.im_self, method.im_func.func_name+'attr')
  to retrieve attr (i.e. attr was retrieved from the bound
  object).

For the new style ExtensionClass implementation
(used from Zope 2.8 on), Jim removed this magic.

You can use the getattr above to resolve the attribute.

-- 
Dieter
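
The method-attribute lookup described in the message above, together with the getRoles(ob, 'x', ob.x) call shape from Jim Fulton's reply earlier on this page, modelled in plain Python 3 as an added example (not code from the thread or from Zope). MagicMethod, magic, ClassicFolder, NewStyleFolder and roles_for are hypothetical names; roles_for is a simplified stand-in rather than Zope's getRoles, and the <name>__roles__ class attributes follow from the name concatenation in the getattr expression above.

```python
class MagicMethod:
    """Model of a classic (Zope <= 2.7) ExtensionClass bound method."""

    def __init__(self, im_self, im_func):
        self.im_self = im_self
        self.im_func = im_func

    def __call__(self, *args, **kw):
        return self.im_func(self.im_self, *args, **kw)

    def __getattr__(self, attr):
        # method.attr is resolved on the bound object as <method name> + attr
        return getattr(self.im_self, self.im_func.__name__ + attr)


class magic:
    """Descriptor that binds a plain function as a MagicMethod."""

    def __init__(self, func):
        self.func = func

    def __get__(self, inst, owner=None):
        return self if inst is None else MagicMethod(inst, self.func)


class ClassicFolder:                         # constructed stand-in for a 2.7 class
    manage_FTPlist__roles__ = ('Manager',)   # roles stored under <name>__roles__

    @magic
    def manage_FTPlist(self):
        return []


class NewStyleFolder:                        # constructed stand-in for a 2.8 class
    manage_FTPlist__roles__ = ('Manager',)
    title = 'plain string attribute'
    title__roles__ = ('Manager', 'Owner')

    def manage_FTPlist(self):                # ordinary method, no attribute magic
        return []


_MISSING = object()

def roles_for(container, name, value, default=None):
    """Hypothetical helper using the (container, name, value) call shape."""
    roles = getattr(value, '__roles__', _MISSING)   # the value's own __roles__ wins
    if roles is not _MISSING:
        return roles
    return getattr(container, name + '__roles__', default)
```

On NewStyleFolder, reading manage_FTPlist.__roles__ fails with the same "'function' object has no attribute '__roles__'" error shown in the Pdb session on this page, while the name-based lookup still finds the declaration, including the one for the string attribute.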


Re: [Zope-dev] method attribute __roles__ in Zope 2.8

2005-02-20 Thread Andreas Jung

--On Sunday, 20 February 2005 19:42 +0100 Dieter Maurer
[EMAIL PROTECTED] wrote:

You can use the getattr above to resolve the attribute.

That really did not help:

-> print getattr(self.manage_FTPlist, '__roles__')
(Pdb)
AttributeError: 'function' object has no attribute '__roles__'

/develop/sandboxes/Zope/Zope/lib/python/OFS/ObjectManager.py(669)manage_FTPstat()
-> print getattr(self.manage_FTPlist, '__roles__')
(Pdb) dir(self.manage_FTPlist)
['__call__', '__class__', '__cmp__', '__delattr__', '__doc__', '__get__',
'__getattribute__', '__hash__', '__init__', '__new__', '__reduce__',
'__reduce_ex__', '__repr__', '__setattr__', '__str__', 'im_class',
'im_func', 'im_self']
(Pdb) self.manage_FTPlist
<bound method Application.manage_FTPlist of <OFS.Application.Application
object at 0xb761fcec>>
(Pdb) self.manage_FTPlist.__dict__
{}

So there must be more magic involved to get this code running again.
Andreas