Re: [Zope3-Users] Where unauthorized is raised?
Hi, An update on this. When I change the permission on IMemberEditForm to zope.Public or zope.View then the form is displayed. Which is why I want to find the permission checker. The principal can view other objects protected by tfws.view but not this one. If I can find where the permission is being checked then perhaps I will find out why my principal is not passing the security checker and how I can fix it. Sorry if I'm getting hysterical. Regards, Darryl On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: Hi All, I'm having a permissions problem with a formlib form and an adapter. I have put the following in zope/schema/_bootstrapfields.py class Field ... def get(self, object): try: getattr(object, self.__name__) except: import sys print sys.exc_type, sys.exc_value return getattr(object, self.__name__) the print I get is: zope.security.interfaces.Unauthorized (tfws.portal.member.adapters.MemberEditFormForMember object at 0xb5b5bc8c, 'clear_photo', 'tfws.view') What I need to know is where is this Unauthorized being raised to debug further (as my principal indeed has the permission tfws.view). I need to pinpoint why. the only raise I can find that matches is in zope/security/checker but 'print's that I have added there give me nothing. Thanks, Darryl ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi,
def __init__ ...
self.context = self.__parent__ = context
That's what I was missing in the adapter. Can I clarify this?
The adapter is adapting an object (`self.context=context` in
`__init__`).
The field is getting an attribute from the security-proxied adapter.
The permission is found on the adapter ('tfws.view') and the principal
has this permission in the context, **but**; not on the adapter because
the adapter has no 'location'. Only when I gave it a location with
`self.__parent__` was the principal's possesion of the permission
recognised as applying also to the adapter.
Baiju: Probably one for your faq? Pester me.
Likely be it, that somewhere is text that would have informed me. Damned
if I could find it though. Excuse the noise.
Cheers.
Darryl
PS:
Where is that Unauthorized raised?
# grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ | grep raise |
uniq
...
/usr/lib/python2.4/site-packages/zope/security/checker.py: raise
Unauthorized(object, name, permission)
...
That's the only one that matches, but I don't believe that is it. Maybe
then in a .so? Curious.
Darryl.
On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote:
Hi,
An update on this.
When I change the permission on IMemberEditForm to zope.Public or
zope.View then the form is displayed. Which is why I want to find the
permission checker. The principal can view other objects protected by
tfws.view but not this one.
If I can find where the permission is being checked then perhaps I will
find out why my principal is not passing the security checker and how I
can fix it.
Sorry if I'm getting hysterical.
Regards,
Darryl
On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote:
Hi All,
I'm having a permissions problem with a formlib form and an adapter.
I have put the following in zope/schema/_bootstrapfields.py
class Field ...
def get(self, object):
try:
getattr(object, self.__name__)
except:
import sys
print sys.exc_type, sys.exc_value
return getattr(object, self.__name__)
the print I get is:
zope.security.interfaces.Unauthorized
(tfws.portal.member.adapters.MemberEditFormForMember object at
0xb5b5bc8c, 'clear_photo', 'tfws.view')
What I need to know is where is this Unauthorized being raised to debug
further (as my principal indeed has the permission tfws.view). I need to
pinpoint why.
the only raise I can find that matches is in zope/security/checker but
'print's that I have added there give me nothing.
Thanks,
Darryl
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi Takayuki, Thanks for that. I hadn't used PostmortemDebuggingHTTP before today. Regards, Darryl Takayuki Shimizukawa wrote: Hi Darryl. 2006/7/21, Darryl Cousins [EMAIL PROTECTED]: What I need to know is where is this Unauthorized being raised to debug further (as my principal indeed has the permission tfws.view). I need to pinpoint why. PostmortemDebuggingHTTP might teach the exception point. Please make PostmortemDebuggingHTTP effective with zope.conf, and use the port specified for URL. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Hi Darryl Hi Roger, Thanks. Is there a preferred option between using self.context = self.__parent__ = context and setting the 'locate' directive in configure. My thought is that setting __parent__ on the adapter is unecessary if locate does the job. Yes, I use most the time locate=True. But right, set the parent explicit is also Ok. I don't thnk there is a preferred way. just remember, the missing location on a adapters is most the time responsible for permission lookup problems. Regards Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Cheers, Thanks for the reply. And I shall remember (he hopes). Regards, Darryl Roger Ineichen wrote: Yes, I use most the time locate=True. But right, set the parent explicit is also Ok. I don't thnk there is a preferred way. just remember, the missing location on a adapters is most the time responsible for permission lookup problems. Regards Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
