Hi,
Just doing Squishdot for 2.2 when I noticed the following:
The SquishSite class has a method called item_count() which is used on
one of the management pages. It currently isn't protected by any
permissions or __roles__ and yet it still works fine on the management
screen concerned.
I thoug
More questions from 2.2'ing Squishdot ;-)
If a method is acquired by an object, does it use any permissions
defined for that method in the object it's acquired from, or do you have
to specify the permissions in the acquiring object as well?
cheers,
Chris
___
In the new security model is it just attributes that are methods that
are protected or is it all attributes?
For example, I have a lump of text in an Article class which is stored
in self.body.
Now, would I need body__roles__=None or somethign similar to be able to
do:
?
cheers,
Chris
__
"Phillip J. Eby" wrote:
> I don't see a need for a mass invalidation operation, just more
> documentation on these inner workings. :)
or the lack of an attribute depencies mechanism :-)
if attribute x depends on attribute y from another generic attribute
provider, invalidation of y doesn't make
On Mon, 21 Aug 2000 12:15:24 +0100, Chris Withers <[EMAIL PROTECTED]>
wrote:
>The SquishSite class has a method called item_count() which is used on
>one of the management pages. It currently isn't protected by any
>permissions or __roles__ and yet it still works fine on the management
>screen con
Toby Dickenson wrote:
> Firstly, I assume your management page is a dtml file on disk, not a
> dtml object stored in the ZODB. dtml files bypass *all* security
> checks.
That's nice :(
> Secondly, all objects that inherit from OFS.Item.SimpleItem (that is,
> almost all high level objects) have t
Is there any way you can find out what, exactly (ie a traceback ;-) is
causing an unauthorized error?
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(R
> In the new security model is it just attributes that are methods that
> are protected or is it all attributes?
All attributes - methods just happen to be the most common
case.
> Now, would I need body__roles__=None or somethign similar to
> be able to
> do:
>
Yes, or (better) associate th
...it was named appropriately ;-)
Right, this would probably be easier if you have a background knowledge
of Confera/Squishdot code, anyway...
there's two classes, SquishSite and Posting. They don't inherit from
each other, but postings are always contained in a SquishSite and
eveything is Acqui
Hi,
I just experienced some very weird behaviour from aq_inContextOf while I was
trying to get Cut and Paste to work (I had to trace to the whole security stuff
to do this, and read the C source for the acquisition stuff the figure out what
aq_inContextOf does of course... thanks for having such a
Brian Lloyd wrote:
>
> > In the new security model is it just attributes that are methods that
> > are protected or is it all attributes?
>
> All attributes - methods just happen to be the most common
> case.
Ah, okay, that makes life interesting :S
(although it does make more sense than just p
If I define the following in an Article class (which subclasses
Posting):
__ac_permissions__ = Posting.__ac_permissions__ + (
('View', ['prev_item','next_item','showSummary','desc_items'],
('Anonymous', 'Manager')),
)
and Posting.__ac_permissions__ also defines a 'View' permission, which
methods
Chris Withers wrote:
>
> If I define the following in an Article class (which subclasses
> Posting):
>
> __ac_permissions__ = Posting.__ac_permissions__ + (
> ('View', ['prev_item','next_item','showSummary','desc_items'],
> ('Anonymous', 'Manager')),
> )
You don't need to concatenate the permis
Shane Hathaway wrote:
> > __ac_permissions__ = Posting.__ac_permissions__ + (
> > ('View', ['prev_item','next_item','showSummary','desc_items'],
> > ('Anonymous', 'Manager')),
> > )
>
> You don't need to concatenate the permissions of the base classes.
> default__class_init__ will pick them up.
On Mon, 21 Aug 2000 16:03:38 +0200, Bob Pepin <[EMAIL PROTECTED]> wrote:
Yeah, this is a good one. Theres some debate in the Collector about
whether this is actually a bug or not.
In short, aq_inContextOf checks for nested aquisition contexts. It
does *not* check for nested objects. It will ret
Hi,
Squishdot uses an intSet called 'thread' to store some information.
Items in this intSet are used in several DTML methods, for example:
/index_html#">Return to main thread
Now, in Zope 2.2 this throws an unauthorized error as show in the PS.
How can I make this go away in a non-hacky fashi
Chris Withers wrote:
> Squishdot uses an intSet called 'thread' to store some information.
> Items in this intSet are used in several DTML methods, for example:
>
> >/index_html#">Return to main thread
>
> Now, in Zope 2.2 this throws an unauthorized error as show in the PS.
I'ev solved this
Chris Withers wrote:
> > Squishdot uses an intSet called 'thread' to store some information.
> > Items in this intSet are used in several DTML methods, for example:
> >
> > > >/index_html#">Return to main thread
> >
> > Now, in Zope 2.2 this throws an unauthorized error as show in the PS.
I've s
Chris Withers wrote:
> Okay, Posting has the following list of methods for the 'view'
> permission:
>
>['date_posted','body_len','date_created','time_created','attachment','thread_path','index_html','showBody',
>
>
>'desc_items','dupString','striptags','tpId','tpURL','this','has_items','thread'
> Hmmm. Hence the problem with properties that meant OFS.Item.SimpleItem
> had to have __allow_access_to_unprotected_subobjects__=1?
>
> Can you not just assign roles to properties as they're created or am I
> missing something else?
That's one way to do it - but it will require some thought
to
Shane Hathaway wrote:
> > How do I do that?
>
> class Article:
>
> __ac_permissions__ = (
> ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')),
> )
>
> ... etc ...
>
> Globals.default__class_init__(Article)
Okay, I've changed it to that now :-)
> BTW did getSubject
Chris Withers wrote:
>
> Shane Hathaway wrote:
> > > How do I do that?
> >
> > class Article:
> >
> > __ac_permissions__ = (
> > ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')),
> > )
> >
> > ... etc ...
> >
> > Globals.default__class_init__(Article)
>
> Okay, I've
> > Assertions made on a method in a subclass override the
> assertions made
> > in the base class.
>
> Okay, Posting has the following list of methods for the 'view'
> permission:
> ['date_posted','body_len','date_created','time_created','attac
> hment','thread_path','index_html','showBody',
>
Since this afternoon, I am fighting with ZServer.
Currently, it seems Zserver is winning
I do not understand, what I see...
At work: Zope 2.1.6, Sparc Solaris 2.7, Linux Netscape 4.51
Sometimes, images are not shown by Netscape (broken image).
No "simple" reload is able to change this,
Dieter Maurer writes:
> Since this afternoon, I am fighting with ZServer.
>
>
> At home: Zope 2.1.6, Intel Linux 2, Linux Netscape 4.5
>
> All images are always shown correctly.
> However, there is no log entry in "var/Z2.log" for
> about 50 % of the requests that are answered
Terje Malmedal wrote:
>
> Can anybody please provide a simple example of a working usersource
> written in python?
Look at the UserSource source for LoginManager and Membership.
--
Do not meddle in the affairs of sysadmins, for they are easy to annoy,
and have the root password.
_
+---[ [EMAIL PROTECTED] ]--
| What would the "Recurse_Subfolder" method do?
|
| >
| >
| >
| >
That *is* Recruse_Subfolder :-)
--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton
The Internet (Aust) Pty Ltd | F:+61 7 3870 4477
What would the "Recurse_Subfolder" method do?
On Mon, Aug 21, 2000 at 04:12:05PM +1000, Andrew Kenneth Milton wrote:
> +---[ [EMAIL PROTECTED] ]--
> | I would like to loop through the contents of a folder, and the
> | contents of the subfolders of that folder. I know I ca
28 matches
Mail list logo