Re: [Zope] External Methods and Authentication error (resolved)
- Original Message -
From: "Dieter Maurer" <[EMAIL PROTECTED]>
To: "Jonathan" <[EMAIL PROTECTED]>
Cc:
Sent: Sunday, March 11, 2007 3:13 PM
Subject: Re: [Zope] External Methods and Authentication error
External Method:
# threadFolder is a BTreeFolder2; viewCount is a
property
field on the BTreeFolder2
line 3227:threadFolder = self.unrestrictedTraverse(topFolder + forumId
+
'/' + threadId)
line 3228:threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
OFS/PropertyManager.py
line 299: def manage_changeProperties(self, REQUEST=None, **kw):
...
line 317:if REQUEST:
line 318:message="Saved changes."
line 319:return self.manage_propertiesForm(self,REQUEST,
line 320:
manage_tabs_message=message)
I see: the "DTML" object is "manage_propertiesForm" and there is
no nameclash.
The "manage_changeProperties" method has a somewhat awkward behaviour.
In general, you should not pass it a positional argument but always
keyword arguments. If you pass a positional argument, it takes it
for "REQUEST" and usually does the wrong thing.
If you have the arguments in a dictionary "d", use
"manage_changeProperties(**d)".
Thanks Dieter, that makes sense and clears up the situation entirely!
Jonathan
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
Jonathan wrote at 2007-3-10 08:03 -0500:
> ...
>Dieter, thanks for the lead, but it is all very strange and I really don't
>understand what is happening...
>
>External Method:
>
> # threadFolder is a BTreeFolder2; viewCount is a property
>field on the BTreeFolder2
>
>line 3227:threadFolder = self.unrestrictedTraverse(topFolder + forumId +
>'/' + threadId)
>line 3228:threadFolder.manage_changeProperties({'viewCount':
>threadFolder.viewCount+1})
>
>
>OFS/PropertyManager.py
>
>line 299: def manage_changeProperties(self, REQUEST=None, **kw):
>...
>line 317:if REQUEST:
>line 318:message="Saved changes."
>line 319:return self.manage_propertiesForm(self,REQUEST,
>line 320:
>manage_tabs_message=message)
I see: the "DTML" object is "manage_propertiesForm" and there is
no nameclash.
The "manage_changeProperties" method has a somewhat awkward behaviour.
In general, you should not pass it a positional argument but always
keyword arguments. If you pass a positional argument, it takes it
for "REQUEST" and usually does the wrong thing.
If you have the arguments in a dictionary "d", use
"manage_changeProperties(**d)".
--
Dieter
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
- Original Message -
From: "Dieter Maurer" <[EMAIL PROTECTED]>
Sent: Saturday, March 10, 2007 2:38 AM
Subject: Re: [Zope] External Methods and Authentication error
Jonathan wrote at 2007-3-8 09:27 -0500:
...
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in
IncrementViewCount
Module OFS.PropertyManager, line 320, in manage_changeProperties
Module Shared.DC.Scripts.Bindings, line 311, in __call__
This looks funny.
Your "manage_changeProperties" calls a DMTL object.
This looks like a nameclash. I guess you have overridden some
method of "PropertyManager" with a DML object.
Check line 320 in "OFS/PropertyManager.py" what method is called
there and why it is a DTML object.
Dieter, thanks for the lead, but it is all very strange and I really don't
understand what is happening...
External Method:
# threadFolder is a BTreeFolder2; viewCount is a property
field on the BTreeFolder2
line 3227:threadFolder = self.unrestrictedTraverse(topFolder + forumId +
'/' + threadId)
line 3228:threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
OFS/PropertyManager.py
line 299: def manage_changeProperties(self, REQUEST=None, **kw):
...
line 317:if REQUEST:
line 318:message="Saved changes."
line 319:return self.manage_propertiesForm(self,REQUEST,
line 320:
manage_tabs_message=message)
The call to manage_changeProperties in the External Method does not contain
REQUEST, therefore line 320 in PropertyManger.py should never get executed,
but it is part of the error traceback (copy below).
This error goes away if I change the 'Access contents information' security
setting from 'Manager' to 'Anonymous'.
At this point I am rewriting the application to move the counts (and other
update-intensive fields) from the property fields of the BTreeFolder2 and
put them into a MySQL db. I expect that this will eliminate the error, but
if anyone has any ideas as to what caused the error I would love to know! (i
hate unresolved issues).
Thanks again for the assistance.
Jonathan
Traceback (innermost last):
Module ZPublisher.Publish, line 115, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 41, in call_object
Module OFS.DTMLMethod, line 144, in __call__
-
- URL: http://new.playwiser.com/ViewPublicThread/manage_main
- Physical Path: /Playwiser/WUI/ViewPublicThread
Module DocumentTemplate.DT_String, line 476, in __call__
Module DocumentTemplate.DT_Let, line 75, in render
Module DocumentTemplate.DT_Util, line 196, in eval
- __traceback_info__: document_id
Module , line 1, in
Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
- __traceback_info__: (('ViewPublicThread',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in
ProcessControl
Module , line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in
subViewPublicThread
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in
IncrementViewCount
Module OFS.PropertyManager, line 320, in manage_changeProperties
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module App.special_dtml, line 175, in _exec
Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
Module AccessControl.ImplPython, line 563, in validate
Module AccessControl.ImplPython, line 461, in validate
Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'manage_page_header' of (BTreeFolder2 at
/Playwiser/PublicForums/00/00) denied. Your user account,
Anonymous User, exists at /acl_users. Access requires one of the following
roles: ['Manager']. Your roles in this context are ['Anonymous'].
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
Jonathan wrote at 2007-3-8 09:27 -0500: > ... > Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in >IncrementViewCount > Module OFS.PropertyManager, line 320, in manage_changeProperties > Module Shared.DC.Scripts.Bindings, line 311, in __call__ This looks funny. Your "manage_changeProperties" calls a DMTL object. This looks like a nameclash. I guess you have overridden some method of "PropertyManager" with a DML object. Check line 320 in "OFS/PropertyManager.py" what method is called there and why it is a DTML object. -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
(Thu, Mar 08, 2007 at 02:11:07PM -0500) Jonathan wrote/schrieb/egrapse: If there is an alternative approach I would really like to know about it! I already mentioned that there is an alternative approach. There is a Zope product ready to download and install. Just search for it, I don't remember the name offhand, though it might be something as simple as "zopecounter". I found hit counter concept on zopelabs (http://www.zopelabs.com/cookbook/991116439 for anyone who is interested) that uses an sql db to store/retrieve frequently updated information. I am going to modify the application to use an external mysql db instead of constantly updating objects in the zodb. Thanks for the catch! Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
(Thu, Mar 08, 2007 at 02:11:07PM -0500) Jonathan wrote/schrieb/egrapse: > If there is an alternative approach I would really like to know about it! I already mentioned that there is an alternative approach. There is a Zope product ready to download and install. Just search for it, I don't remember the name offhand, though it might be something as simple as "zopecounter". Regards, Sascha ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
- Original Message -
From: "Sascha Welter" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 08, 2007 2:01 PM
Subject: Re: [Zope] External Methods and Authentication error
(Thu, Mar 08, 2007 at 09:27:50AM -0500) Jonathan wrote/schrieb/egrapse:
I have an external method that contains:
threadFolder = self.unrestrictedTraverse(topFolder + forumId +
'/' +
threadId, None)
threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
Jonathan,
regardless of your error, I hope you understand that it looks like
you are trying to do something slightly foolish here. Incrementing a
property counter with every page view on an object in the ZODB will
get the size of your Data.fs file up much, much faster than normally
expected. Also you might get a lot of conflict errors.
There is a "counter" product somewhere to be found (on zope.org IIRC)
that does this stuff in a much better way. The proper way is of course
to use the information in apache log files.
The counter must be real-time (ie. live), everytime someone views a
particular object the view count for that specific object must be
incremented and immediately displayed, therefore use of apache logs is not
appropriate for this particular situation. Also, the view counts must be
persistant (ie. simply updating a variable stored in RAM will not work).
If there is an alternative approach I would really like to know about it!
Thanks,
Jonathan
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error
(Thu, Mar 08, 2007 at 09:27:50AM -0500) Jonathan wrote/schrieb/egrapse:
> I have an external method that contains:
>
> threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/' +
> threadId, None)
> threadFolder.manage_changeProperties({'viewCount':
> threadFolder.viewCount+1})
Jonathan,
regardless of your error, I hope you understand that it looks like
you are trying to do something slightly foolish here. Incrementing a
property counter with every page view on an object in the ZODB will
get the size of your Data.fs file up much, much faster than normally
expected. Also you might get a lot of conflict errors.
There is a "counter" product somewhere to be found (on zope.org IIRC)
that does this stuff in a much better way. The proper way is of course
to use the information in apache log files.
Regards,
Sascha
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] External Methods and Authentication error (add'l info)
- Original Message -
From: "Jonathan" <[EMAIL PROTECTED]>
To:
Sent: Thursday, March 08, 2007 9:27 AM
Subject: [Zope] External Methods and Authentication error
I have an external method that contains:
threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/'
+ threadId, None)
threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
When this external method is invoked (via an 'Anonymous' user invoking a
dtml method) I get the following authentication error:
Traceback (innermost last):
Module ZPublisher.Publish, line 115, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 41, in call_object
Module OFS.DTMLMethod, line 144, in __call__
-
- URL: http://new.playwiser.com/ViewPublicThread/manage_main
- Physical Path: /Playwiser/WUI/ViewPublicThread
Module DocumentTemplate.DT_String, line 476, in __call__
Module DocumentTemplate.DT_Let, line 75, in render
Module DocumentTemplate.DT_Util, line 196, in eval
- __traceback_info__: document_id
Module , line 1, in
Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
- __traceback_info__: (('ViewPublicThread',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in
ProcessControl
Module , line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in
subViewPublicThread
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in
IncrementViewCount
Module OFS.PropertyManager, line 320, in manage_changeProperties
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module App.special_dtml, line 175, in _exec
Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
Module AccessControl.ImplPython, line 563, in validate
Module AccessControl.ImplPython, line 461, in validate
Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'manage_page_header' of (BTreeFolder2 at
/Playwiser/PublicForums/00/00) denied. Your user account,
Anonymous User, exists at /acl_users. Access requires one of the following
roles: ['Manager']. Your roles in this context are ['Anonymous'].
I was under the impression that code in external methods runs as 'trusted'
and does not incur normal Zope security checks.
Is this error being generated because the external method was invoked by a
DTML method or is there some other factor that I am unaware of?
If i set the 'Access contents information' permission for the PublicForums
BTreeFolder2 to 'Anonymous' the external method works.
I don't know why this permission would allow the manage_changeProperties
(line 3228 in the external method) to work?
line 3228: threadFolder.manage_changeProperties({'viewCount': >
threadFolder.viewCount+1})
Zope 2.9.2
Python 2.4.2
Red Hat 3.4.5-2
Thanks,
Jonathan
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] External Methods and Authentication error
I have an external method that contains:
threadFolder = self.unrestrictedTraverse(topFolder + forumId + '/' +
threadId, None)
threadFolder.manage_changeProperties({'viewCount':
threadFolder.viewCount+1})
When this external method is invoked (via an 'Anonymous' user invoking a
dtml method) I get the following authentication error:
Traceback (innermost last):
Module ZPublisher.Publish, line 115, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 41, in call_object
Module OFS.DTMLMethod, line 144, in __call__
-
- URL: http://new.playwiser.com/ViewPublicThread/manage_main
- Physical Path: /Playwiser/WUI/ViewPublicThread
Module DocumentTemplate.DT_String, line 476, in __call__
Module DocumentTemplate.DT_Let, line 75, in render
Module DocumentTemplate.DT_Util, line 196, in eval
- __traceback_info__: document_id
Module , line 1, in
Module Products.ExternalMethod.ExternalMethod, line 232, in __call__
- __traceback_info__: (('ViewPublicThread',), {}, None)
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 705, in
ProcessControl
Module , line 1, in ?
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 6212, in
subViewPublicThread
Module /apps/Zope-2.9.2/Extensions/playwiser-1.0.py, line 3228, in
IncrementViewCount
Module OFS.PropertyManager, line 320, in manage_changeProperties
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module App.special_dtml, line 175, in _exec
Module Shared.DC.Scripts.Bindings, line 182, in __getattr__
Module AccessControl.ImplPython, line 563, in validate
Module AccessControl.ImplPython, line 461, in validate
Module AccessControl.ImplPython, line 808, in raiseVerbose
Unauthorized: Your user account does not have the required permission.
Access to 'manage_page_header' of (BTreeFolder2 at
/Playwiser/PublicForums/00/00) denied. Your user account,
Anonymous User, exists at /acl_users. Access requires one of the following
roles: ['Manager']. Your roles in this context are ['Anonymous'].
I was under the impression that code in external methods runs as 'trusted'
and does not incur normal Zope security checks.
Is this error being generated because the external method was invoked by a
DTML method or is there some other factor that I am unaware of?
Thanks,
Jonathan
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
