Re: [Zope3-Users] container protectName
i have both stephan and phillip's books... but they're on loan to friends i'm trying to convert to zope ;) thanks again! On 3/30/06, Michael Howitz <[EMAIL PROTECTED]> wrote: > Am Mittwoch, den 29.03.2006, 12:22 -0500 schrieb Pete Taylor: > > That worked immediately... Thank you sir. > > > > other than "being really smart", how did you know to look at that? > > I had the same problem some time ago. ;) > > > I > > guess I don't understand some of the implied permissions, esp when > > they contradict what I put in the zcml. is there a writeup of the > > security chain on the zope3 application server startup somewhere that > > I can read through to have a better idea of how that works? > > I don't know ... maybe in Stephan's or Phillip's book ... > http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Book/secureobjects.html > > mac > > -- "All guilt is relative, loyalty counts, and never let your conscience be your guide." - Lucas Buck, American Gothic ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] container protectName
Am Mittwoch, den 29.03.2006, 12:22 -0500 schrieb Pete Taylor: > That worked immediately... Thank you sir. > > other than "being really smart", how did you know to look at that? I had the same problem some time ago. ;) > I > guess I don't understand some of the implied permissions, esp when > they contradict what I put in the zcml. is there a writeup of the > security chain on the zope3 application server startup somewhere that > I can read through to have a better idea of how that works? I don't know ... maybe in Stephan's or Phillip's book ... http://www.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Zope3Book/secureobjects.html mac ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] container protectName
That worked immediately... Thank you sir. other than "being really smart", how did you know to look at that? I guess I don't understand some of the implied permissions, esp when they contradict what I put in the zcml. is there a writeup of the security chain on the zope3 application server startup somewhere that I can read through to have a better idea of how that works? I hate sending questions to the list if I could have just read it myself somewhere. On 3/29/06, Michael Howitz <[EMAIL PROTECTED]> wrote: > Am Mittwoch, den 29.03.2006, 01:56 -0500 schrieb Pete Taylor: > > Hi all (yet again ;) ), > > I ran into this issue on a project I worked on before, but I ended up > > changing the design before it became a significant issue. this time > > around, i don't see a way by it. > > > > i have a class that derives from Folder (or BTreeContainer, it doesn't > > really matter for this). in configure.zcml, i set it up as follows: > > > > > > > interface="zope.app.annotation.interfaces.IAttributeAnnotatable" > > /> > > > permission="zope.ManageContent" > > interface="zope.app.container.interfaces.IReadContainer" > > /> > > > permission="zope.ManageContent" > > interface="zope.app.container.interfaces.IWriteContainer" > > /> > > > permission="zope.ManageContent" > > interface=".interfaces.consumer.IConsumer" > > /> > > > permission="zope.ManageContent" > > set_schema=".interfaces.consumer.IConsumer" > > /> > > > > > > this doesn't work. putting in the third-down require statement breaks > [ ... ] > > I've put the traceback below... > > > > Traceback (most recent call last): > > File "bin/runzope", line 48, in ? > > run() > > File "bin/runzope", line 44, in run > > main(["-C", CONFIG_FILE] + sys.argv[1:]) > > File "/opt/zope3//lib/python/zope/app/twisted/main.py", line 74, in main > > service = setup(load_options(args)) > > File "/opt/zope3//lib/python/zope/app/twisted/main.py", line 139, in setup > > zope.app.appsetup.config(options.site_definition, features=features) > > File "/opt/zope3//lib/python/zope/app/appsetup/appsetup.py", line > > 110, in config > > context = xmlconfig.file(file, context=context, execute=execute) > > File "/opt/zope3//lib/python/zope/configuration/xmlconfig.py", line > > 556, in file > > context.execute_actions() > > File "/opt/zope3//lib/python/zope/configuration/config.py", line > > 606, in execute_actions > > for action in resolveConflicts(self.actions): > > File "/opt/zope3//lib/python/zope/configuration/config.py", line > > 1511, in resolveConflicts > > raise ConfigurationConflictError(conflicts) > > zope.configuration.config.ConfigurationConflictError: Conflicting > > configuration actions > > For: ('protectName', , '__contains__') > > File "/usr/lib/python2.4/site-packages/petetest/configure.zcml", > [ ... ] > > This is because your Interface IConsumer extends the > IContainer-Interface. In Zope3 security declarations can only be done > once on a content class, but if you extend from IContainer in both > require statements (for IConsumer and IReadContainer) a permission is > declared. > > Solution: Let ICustomer extend zope.interface.Interface. Because your > implementation of ICustomer extends BTreeContainer it also interhits the > implements statement for IContainer. > > HTH, > mac > > -- "All guilt is relative, loyalty counts, and never let your conscience be your guide." - Lucas Buck, American Gothic ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] container protectName
Am Mittwoch, den 29.03.2006, 01:56 -0500 schrieb Pete Taylor: > Hi all (yet again ;) ), > I ran into this issue on a project I worked on before, but I ended up > changing the design before it became a significant issue. this time > around, i don't see a way by it. > > i have a class that derives from Folder (or BTreeContainer, it doesn't > really matter for this). in configure.zcml, i set it up as follows: > > > interface="zope.app.annotation.interfaces.IAttributeAnnotatable" > /> > permission="zope.ManageContent" > interface="zope.app.container.interfaces.IReadContainer" > /> > permission="zope.ManageContent" > interface="zope.app.container.interfaces.IWriteContainer" > /> > permission="zope.ManageContent" > interface=".interfaces.consumer.IConsumer" > /> > permission="zope.ManageContent" > set_schema=".interfaces.consumer.IConsumer" > /> > > > this doesn't work. putting in the third-down require statement breaks [ ... ] > I've put the traceback below... > > Traceback (most recent call last): > File "bin/runzope", line 48, in ? > run() > File "bin/runzope", line 44, in run > main(["-C", CONFIG_FILE] + sys.argv[1:]) > File "/opt/zope3//lib/python/zope/app/twisted/main.py", line 74, in main > service = setup(load_options(args)) > File "/opt/zope3//lib/python/zope/app/twisted/main.py", line 139, in setup > zope.app.appsetup.config(options.site_definition, features=features) > File "/opt/zope3//lib/python/zope/app/appsetup/appsetup.py", line > 110, in config > context = xmlconfig.file(file, context=context, execute=execute) > File "/opt/zope3//lib/python/zope/configuration/xmlconfig.py", line > 556, in file > context.execute_actions() > File "/opt/zope3//lib/python/zope/configuration/config.py", line > 606, in execute_actions > for action in resolveConflicts(self.actions): > File "/opt/zope3//lib/python/zope/configuration/config.py", line > 1511, in resolveConflicts > raise ConfigurationConflictError(conflicts) > zope.configuration.config.ConfigurationConflictError: Conflicting > configuration actions > For: ('protectName', , '__contains__') > File "/usr/lib/python2.4/site-packages/petetest/configure.zcml", [ ... ] This is because your Interface IConsumer extends the IContainer-Interface. In Zope3 security declarations can only be done once on a content class, but if you extend from IContainer in both require statements (for IConsumer and IReadContainer) a permission is declared. Solution: Let ICustomer extend zope.interface.Interface. Because your implementation of ICustomer extends BTreeContainer it also interhits the implements statement for IContainer. HTH, mac ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users