Re: [Zope3-Users] Where unauthorized is raised?
Hi, An update on this. When I change the permission on IMemberEditForm to zope.Public or zope.View then the form is displayed. Which is why I want to find the permission checker. The principal can view other objects protected by tfws.view but not this one. If I can find where the permission is being checked then perhaps I will find out why my principal is not passing the security checker and how I can fix it. Sorry if I'm getting hysterical. Regards, Darryl On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: Hi All, I'm having a permissions problem with a formlib form and an adapter. I have put the following in zope/schema/_bootstrapfields.py class Field ... def get(self, object): try: getattr(object, self.__name__) except: import sys print sys.exc_type, sys.exc_value return getattr(object, self.__name__) the print I get is: zope.security.interfaces.Unauthorized (tfws.portal.member.adapters.MemberEditFormForMember object at 0xb5b5bc8c, 'clear_photo', 'tfws.view') What I need to know is where is this Unauthorized being raised to debug further (as my principal indeed has the permission tfws.view). I need to pinpoint why. the only raise I can find that matches is in zope/security/checker but 'print's that I have added there give me nothing. Thanks, Darryl ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi, def __init__ ... self.context = self.__parent__ = context That's what I was missing in the adapter. Can I clarify this? The adapter is adapting an object (`self.context=context` in `__init__`). The field is getting an attribute from the security-proxied adapter. The permission is found on the adapter ('tfws.view') and the principal has this permission in the context, **but**; not on the adapter because the adapter has no 'location'. Only when I gave it a location with `self.__parent__` was the principal's possesion of the permission recognised as applying also to the adapter. Baiju: Probably one for your faq? Pester me. Likely be it, that somewhere is text that would have informed me. Damned if I could find it though. Excuse the noise. Cheers. Darryl PS: Where is that Unauthorized raised? # grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ | grep raise | uniq ... /usr/lib/python2.4/site-packages/zope/security/checker.py: raise Unauthorized(object, name, permission) ... That's the only one that matches, but I don't believe that is it. Maybe then in a .so? Curious. Darryl. On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote: Hi, An update on this. When I change the permission on IMemberEditForm to zope.Public or zope.View then the form is displayed. Which is why I want to find the permission checker. The principal can view other objects protected by tfws.view but not this one. If I can find where the permission is being checked then perhaps I will find out why my principal is not passing the security checker and how I can fix it. Sorry if I'm getting hysterical. Regards, Darryl On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote: Hi All, I'm having a permissions problem with a formlib form and an adapter. I have put the following in zope/schema/_bootstrapfields.py class Field ... def get(self, object): try: getattr(object, self.__name__) except: import sys print sys.exc_type, sys.exc_value return getattr(object, self.__name__) the print I get is: zope.security.interfaces.Unauthorized (tfws.portal.member.adapters.MemberEditFormForMember object at 0xb5b5bc8c, 'clear_photo', 'tfws.view') What I need to know is where is this Unauthorized being raised to debug further (as my principal indeed has the permission tfws.view). I need to pinpoint why. the only raise I can find that matches is in zope/security/checker but 'print's that I have added there give me nothing. Thanks, Darryl ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Where unauthorized is raised?
Hi Takayuki, Thanks for that. I hadn't used PostmortemDebuggingHTTP before today. Regards, Darryl Takayuki Shimizukawa wrote: Hi Darryl. 2006/7/21, Darryl Cousins [EMAIL PROTECTED]: What I need to know is where is this Unauthorized being raised to debug further (as my principal indeed has the permission tfws.view). I need to pinpoint why. PostmortemDebuggingHTTP might teach the exception point. Please make PostmortemDebuggingHTTP effective with zope.conf, and use the port specified for URL. ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Hi Darryl Hi Roger, Thanks. Is there a preferred option between using self.context = self.__parent__ = context and setting the 'locate' directive in configure. My thought is that setting __parent__ on the adapter is unecessary if locate does the job. Yes, I use most the time locate=True. But right, set the parent explicit is also Ok. I don't thnk there is a preferred way. just remember, the missing location on a adapters is most the time responsible for permission lookup problems. Regards Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
RE: [Zope3-Users] Where unauthorized is raised?
Cheers, Thanks for the reply. And I shall remember (he hopes). Regards, Darryl Roger Ineichen wrote: Yes, I use most the time locate=True. But right, set the parent explicit is also Ok. I don't thnk there is a preferred way. just remember, the missing location on a adapters is most the time responsible for permission lookup problems. Regards Roger Ineichen ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users