[Zope] SECURITY ROLES and DTML-IN

2000-07-17 Thread Theodore Patrick

I am having trouble rendering a DTML IN in ZOPE 2.2.0 to any user
regardless of roles.

I have allocated the proper rights to all objects used and nothing happens.
The IN will not let any user view its contents.

DTML IN

I am using an IN in a DTML Document to render the contents of an
SQL_Method from and Oracle Database.
There are 3 objects.

1. Database Connection(ORACLE) - Working and can run test. OK

2. SQL_Method(VIEW_METHOD)- Working and can see results when run.
SQL: select id, v_id vid, item_name name, url from item
The SQL method returns columns: id, vid, name, url as expected. OK

3. DTML Document - Works fine with an IN that renders folder properties.
Change the Source of the DTML IN to the SQL_Method and it will prompt me
for user authentication.

dtml-in VIEW_METHOD size=1000 start=query_start
dtml-var id, dtml-var vid, dtml-var name, dtml-var url 
/dtml-in

When used it prompts the user to login - REGARDLESS OF CURRENT LOGIN and
returns the following error.

Traceback (innermost last):
  File C:\PROGRA~1\island8\lib\python\ZPublisher\Publish.py, line 222, in
publish_module
  File C:\PROGRA~1\island8\lib\python\ZPublisher\Publish.py, line 187, in
publish
  File C:\PROGRA~1\island8\lib\python\ZPublisher\Publish.py, line 171, in
publish
  File C:\PROGRA~1\island8\lib\python\ZPublisher\mapply.py, line 160, in
mapply
(Object: view)
  File C:\PROGRA~1\island8\lib\python\ZPublisher\Publish.py, line 112, in
call_object
(Object: view)
  File C:\PROGRA~1\island8\lib\python\OFS\DTMLMethod.py, line 167, in
__call__
(Object: view)
  File C:\PROGRA~1\island8\lib\python\DocumentTemplate\DT_String.py, line
502, in __call__
(Object: view)
  File C:\PROGRA~1\island8\lib\python\DocumentTemplate\DT_In.py, line 602,
in renderwb
(Object: view_method)


Things I have tried.

1. Opening up security all the way on all objects. Doesn't work. It
continues to ask me to log-in.
2. Proxy the DTML Documents ROLE to a higher role for the SQL_METHOD. Fails
just as before.

Is this a bug? Can anyone else confirm this.

PLATFORM: WINDOWS NT 4
ZOPE: 2.2.0 Final Release. 

___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )




RE: [Zope] SECURITY ROLES and DTML-IN

2000-07-17 Thread Brian Lloyd

 I am having trouble rendering a DTML IN in ZOPE 2.2.0 to any user
 regardless of roles.
 
 I have allocated the proper rights to all objects used and 
 nothing happens.
 The IN will not let any user view its contents.

Theodore - 

I bet you're running into the same problem as the 
folks using the ODBC adaptor. I've attached the post 
I made addressing this a few minutes ago.

If this fixes your problem, could you send a note to 
the zope-list and let the folks there know that the fix 
works for the Oracle DA too? (I'm going out of town today, 
so I won't be able to forward it if you only reply to me)

Thanks!

 Hi guys - 
 
 For those of you (I've mostly heard ODBC adapter users) 
 having authorization problems with your SQL methods, heres
 the scoop:
 
 Database connections use one of two classes in the 
 framework for wrapping up result data returned from 
 queries. One of those classes (that understands results 
 in RDB format) was missing a required security assertion. 
 
 The results returned by the ODBC adapter were bitten by 
 this - probably there are other adapters that could 
 be affected.
 
 I've attached a patch file for the file:
 lib/python/Shared/DC/ZRDB/RDB.py
 
 ...as well as an updated version of the whole file (since 
 I know a lot of you will be on Windows w/o patch :) Either 
 patch or replace the file and restart Zope to fix the 
 problem.
 
 This is also checked in for a 2.2.1 release that will 
 probably happen after a few weeks when enough people 
 have upgraded to shake out any other problems.
 


Brian Lloyd[EMAIL PROTECTED]
Software Engineer  540.371.6909  
Digital Creations  http://www.digicool.com 





 RDB.py
 RDB.py.patch


RE: [Zope] SECURITY ROLES and DTML-IN

2000-07-17 Thread Theodore Patrick

Brian,

Thanks a ton. The patch worked perfectly! As it turns out I was using ODBC
with Oracle. Everything works great. Rendering results perfectly.

Thanks for the prompt response. As always!

Theodore E. Patrick
Ishophere.com

-Original Message-
From: Brian Lloyd [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 17, 2000 10:27 AM
To: 'Theodore Patrick'; '[EMAIL PROTECTED]'
Subject: RE: [Zope] SECURITY ROLES and  DTML-IN


 I am having trouble rendering a DTML IN in ZOPE 2.2.0 to any user
 regardless of roles.
 
 I have allocated the proper rights to all objects used and 
 nothing happens.
 The IN will not let any user view its contents.

Theodore - 

I bet you're running into the same problem as the 
folks using the ODBC adaptor. I've attached the post 
I made addressing this a few minutes ago.

If this fixes your problem, could you send a note to 
the zope-list and let the folks there know that the fix 
works for the Oracle DA too? (I'm going out of town today, 
so I won't be able to forward it if you only reply to me)

Thanks!

 Hi guys - 
 
 For those of you (I've mostly heard ODBC adapter users) 
 having authorization problems with your SQL methods, heres
 the scoop:
 
 Database connections use one of two classes in the 
 framework for wrapping up result data returned from 
 queries. One of those classes (that understands results 
 in RDB format) was missing a required security assertion. 
 
 The results returned by the ODBC adapter were bitten by 
 this - probably there are other adapters that could 
 be affected.
 
 I've attached a patch file for the file:
 lib/python/Shared/DC/ZRDB/RDB.py
 
 ...as well as an updated version of the whole file (since 
 I know a lot of you will be on Windows w/o patch :) Either 
 patch or replace the file and restart Zope to fix the 
 problem.
 
 This is also checked in for a 2.2.1 release that will 
 probably happen after a few weeks when enough people 
 have upgraded to shake out any other problems.
 


Brian Lloyd[EMAIL PROTECTED]
Software Engineer  540.371.6909  
Digital Creations  http://www.digicool.com 





___
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )