Re: [Zope3-Users] local grants for z3c.rest not working.
Also, i have a PAU registered. Still it seems like the PAU is not being contacted for authenticating REST requests. I can Authenticate the principals in principal.zcml only. rgds, Jayarajan J N (IRC nick - jayaraj) On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn [EMAIL PROTECTED] wrote: Hi all, Recently i was looking for some zope3 based solutions for implementing RESTful public API. And i found z3c.rest. To begin with package I have installed it and enabled the the RESTviews for 'Folder' that is provided in the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the Permission setting for GET view from 'zope.View' to 'zope.ManageContent' and i expected this would make the GET view of the Folder to be unavailable to the Public. But it was still possible for me to call the GET view with an 'unauthorised' request. Similarly, i changed the permission for POST/PUT from 'zope.ManageContent' to 'zope.Public' and still I had to get authenticated to access it. Can any one please tell me how can i use local grants with z3c.rest? I expected it to work the same way as other zope:views do. Please help me on this. I have installed the package available in the svn trunk. Zope3 setup is zope3.4.0c1 + python 2.5 I have tested the GET view using both web browser and a python script. Following is the original configurations from z3c/rest/tests/folder.zcml view for=zope.app.folder.interfaces.IFolder name=GET type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.View allowed_attributes=GET / view for=zope.app.folder.interfaces.IFolder name=POST type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.ManageContent allowed_attributes=POST / view for=zope.app.folder.interfaces.IFolder name=PUT type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.ManageContent allowed_attributes=PUT / ## This is how i changed it -- view for=zope.app.folder.interfaces.IFolder name=GET type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.ManageContent allowed_attributes=GET / view for=zope.app.folder.interfaces.IFolder name=POST type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.Public allowed_attributes=POST / view for=zope.app.folder.interfaces.IFolder name=PUT type=..interfaces.IRESTRequest factory=.folder.FolderAPI permission=zope.Public allowed_attributes=PUT / Thanks in advance. rgds, Jayarajan J N (IRC nick - jayaraj) ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] automatic authentication after signup
Hi ALL,
I have been doing an authentcation package with signup and login/logout
features using PAU. When i refered to philips book and the worldcookery
example i found the following codes in the signup logic.
class SignUpView(BaseSignUpView):
signUpForm = ViewPageTemplateFile('signup.pt')
def signUp(self, login, title, password, confirmation):
if confirmation != password:
raise UserError(_(uPassword and confirmation didn't match))
folder = self._signupfolder()
if login in folder:
raise UserError(_(uThis login has already been chosen.))
principal_id = folder.signUp(login, password, title)
role_manager = IPrincipalRoleManager(self.context)
role_manager = removeSecurityProxy(role_manager) # - wot does it
really do and how does it make the newly
# created user to be authenticated automatically
for role in folder.signup_roles:
role_manager.assignRoleToPrincipal(role, principal_id)
self.request.response.redirect(@@welcome.html)
The above logic works well for me too. But if i comment the line
'role_manager = removeSecurityProxy(role_manager)',still user creation and
role assignment works. but i am asked to login again right after the signup.
and the redirect does not work.
And another apporch i have seen in
http://kelpi.com/script/e2019a
http://kelpi.com/script/f49219
so i tried to set the principal as
principal=pau.getPrincipal(principal_id)
sel.request.setPrincipal(principal)
and commented the removeSecurityProxy line.
But it also gives same result.
So is there any other way than using removeSecurityProxy(role_manager)? I
also would like to know how risky it can be to use removeSecurityProxy in a
code with public (zope.public) permission. I Know this is very trivial issue
and everyone have gone through this once.
Thanks in advance.
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Will new release of zope3 include TSL/SSL in zope.sendmail
Hi ALL, When will the next release of zope3 will be? will there be a zope3.4c2? By the way i wish to know whether next release will include the latest release of zope.sendmail which has TSL/SSL feature. I have noticed that last release, zope3.4c01 was on 31 Jan 2008. http://www.zope.org/Products/Zope3/3.4.0c1 And the zope.sendmail has trunked SSL/TLS feature on 19th Aug 2008. http://svn.zope.org/zope.sendmail/trunk/src/zope/sendmail/mailer.py?rev=92747sortby=logview=log So its obvious that zope3.4c01 don't have SSL/TLS feature in its zope.sendmail. And i have seen some other many other fixes in the zope.sendmail that enables it to work well with gmail and similar So i hope we can see new zope.sendmail in the next release. Regards, jayaraj ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] launchpad for z3c.extfile
Hi, I have been going through z3c.extfile code for last few days. I am interested to contribute towards this project and to be part of the discussions about it. I checked launchpad for this project. But i couldn't see it there... And after a few googling i am here. How can i see the discussions on this project and contribute towards it the way i can? ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
