Re: [Zope-dev] permissions on a python script...
[EMAIL PROTECTED] wrote at 2003-11-24 04:31 -: > when I call my form processing script from a form action zope prompt me > for a password Shane's "VerboseSecurity" is a valuable help to analyse security problems. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permissions on a python script...
> If you are logged in with manager permissions and plone still asks for a > passwort this usually means that you are trying to call a non exising > template. > Robert I changed the scripts permissions to Manager and then ran the form from a browser that was not logged into zope. It worked. Now if I could only get the script to call a DTML method... -Josh ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permissions on a python script...
If you are logged in with manager permissions and plone still asks for a passwort this usually means that you are trying to call a non exising template. Robert Am Montag, 24. November 2003 05:31 schrieb [EMAIL PROTECTED]: > when I call my form processing script from a form action zope prompt me > for a password > > I have fiddled with both the owner and security settings, with no success > > Any and all advice welcomed -thanks again > > -josh > > > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) -- mit freundlichen GrĂ¼ssen Robert Rottermann www.redCOR.ch ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] permissions on a python script...
when I call my form processing script from a form action zope prompt me for a password I have fiddled with both the owner and security settings, with no success Any and all advice welcomed -thanks again -josh ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Permissions Mapping Screen
Is there any reason that the acquired permission mapping cannot be displayed next to the check boxes on the Permission mapping screen? For example if I have "Access User Information" checked in the root of a site for Anonymous and I view the Security tab for a folder one level down I would like to see a check symbol to the right of the Anonymous/Access User Information check box. This seems like it would be very very useful. -Brian ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Permissions
brian.r.brinegar.1 writes: > I would like to setup the security on a Zope server such that a user can > edit permissions on something they own, but not grant more permissions > than what they have acquired from the parent. This is not covered by the current security framework. But, surely, you can implement it, if you are ready to make some compromises. E.g. it will be somewhat difficult, to automatically revoke permissions granted by a user, when his own permissions are later restricted. Your task is non-trivial... Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Permissions
Hello, I would like to setup the security on a Zope server such that a user can edit permissions on something they own, but not grant more permissions than what they have acquired from the parent. If a user owns a folder they could grant "Owner" any permissions they want inside of that folder (Assuming they have the "Change permission" permission). Is there a way to limit which permissions a user can change? I would like to be able to delegate permissions. Such that if a user creates a folder they can grant other roles permissions up to the permissions they have acquired from the parent folder. Is this possible? I don't want that user to be able to grant themselves additional permissions. Thanks, -Brian Brinegar ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Permissions to change Acquire Permissions?
I was wondering if it would be possible for a new permission to be created, this permission would let (or stop) people from changing the Acquire Permissions check boxes found in the Security Tab. The reason I would like a permissions like this is that some users that need to give people permissions are exactly trusted. This means that they could change the acquire permissions and circumvent people with "Manager" or higher privileges. This type of permission could be very useful for zope to have but would most properly require changing of how permission changing is handled? Mithro ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
RE: [Zope-dev] permissions/authorization on non ZClass/product objects
> > >First, make sure you're returning the instances in the > context of their > >container, e.g. instead of: > > > >def returnstuff(self): > >class foo: > >pass > >return foo() > > > >do > > > >def returnstuff(self): > >class foo: > >pass > >return foo().__of__(self) > > > If you want to do that, then you need to inherit the acquisition base > class too > > def returnstuff(self): > class foo(Acquisition.Implicit): > pass > return foo().__of__(self) Oops... yes. Thanks ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permissions/authorization on non ZClass/product objects
On Wed, 2 Aug 2000 22:41:46 -0400 (EDT), Chris McDonough <[EMAIL PROTECTED]> wrote: >Karl, > >Two things come to mind: > >First, make sure you're returning the instances in the context of their >container, e.g. instead of: > >def returnstuff(self): >class foo: >pass >return foo() > >do > >def returnstuff(self): >class foo: >pass >return foo().__of__(self) If you want to do that, then you need to inherit the acquisition base class too def returnstuff(self): class foo(Acquisition.Implicit): pass return foo().__of__(self) >You may also want to try the magic: >def returnstuff(self): >class foo: >__allow_access_to_unprotected_subobjects__ = 1 >pass >return foo().__of__(self) > >in the class instances you return if nothing in them needs to be protected >by permissions in any way. Using __allow_access_to_unprotected_subobjects__ the object doesnt _need_ to have a context (although it might be useful for other things), so you can drop the __of__ Toby Dickenson [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] permissions/authorization on non ZClass/productobjects
Karl, Two things come to mind: First, make sure you're returning the instances in the context of their container, e.g. instead of: def returnstuff(self): class foo: pass return foo() do def returnstuff(self): class foo: pass return foo().__of__(self) You may also want to try the magic: def returnstuff(self): class foo: __allow_access_to_unprotected_subobjects__ = 1 pass return foo().__of__(self) in the class instances you return if nothing in them needs to be protected by permissions in any way. On 2 Aug 2000, Karl Anderson wrote: > > I'm having trouble with permissions and Python class instances that > aren't part of the Zope permission mechanism. > > I'm creating plain Python class instances in the Python baseclass of a > ZClass, and storing them in a list on the baseclass. The baseclass > instantiates these instances and appends them to its list. The class > is defined in the baseclass .py file. A method on the baseclass > returns this list of instances, and I'm iterating over them in DTML > and looking at their attributes - or trying to. I get an > authorization prompt, which always gives me an auth error, even though > the user can look at the ZClass that's returning the instances. > > I'm able to get around this by registering the plain Python class as a > base class, subclassing them with a ZClass, and instantiating ZClass > instances instead of baseclass instances. It seems like overkill, > though (and I always thought that instantiating ZClasses in python was > confusing). I don't need to expose methods or restrict access, just > open the attributes to be used as DTML variables. > > Are there ways to do this without making full-fledged ZClasses out of > my classes? Are there guidelines in general for using non-Zopish > subobjects that get used by the publishing process? > > -- > Karl Anderson [EMAIL PROTECTED] http://www.pobox.com/~kra/ > > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] permissions/authorization on non ZClass/product objects
I'm having trouble with permissions and Python class instances that aren't part of the Zope permission mechanism. I'm creating plain Python class instances in the Python baseclass of a ZClass, and storing them in a list on the baseclass. The baseclass instantiates these instances and appends them to its list. The class is defined in the baseclass .py file. A method on the baseclass returns this list of instances, and I'm iterating over them in DTML and looking at their attributes - or trying to. I get an authorization prompt, which always gives me an auth error, even though the user can look at the ZClass that's returning the instances. I'm able to get around this by registering the plain Python class as a base class, subclassing them with a ZClass, and instantiating ZClass instances instead of baseclass instances. It seems like overkill, though (and I always thought that instantiating ZClasses in python was confusing). I don't need to expose methods or restrict access, just open the attributes to be used as DTML variables. Are there ways to do this without making full-fledged ZClasses out of my classes? Are there guidelines in general for using non-Zopish subobjects that get used by the publishing process? -- Karl Anderson [EMAIL PROTECTED] http://www.pobox.com/~kra/ ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )