Re: [Zope] ZWiki RecentChanges don't work in Zope 2.2.x
what Martijn said (thanks Martijn). Another quick workaround mentioned on ZWikiProblems: you could remove the calls to getSize and similar attributes from your recentchanges page. Then Access Contents Information should be sufficient. -Simon ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] ZWiki RecentChanges don't work in Zope 2.2.x
On Mon, Sep 25, 2000 at 04:14:03PM +0100, Chris Withers wrote: > ...you get an authorization error :-( > > This is because this Wiki isn't (and shouldn't) be publicly viewable or > editable. > > So, Anonymous doesn't have 'View' permission on the folder. I've given > Anonymous 'Access Contents Information', the usual nasty hack I had to > do before, but now that just changes the error message :-S (it's in a PS > below) > > I guess the Interfaces Wiki does pretty much this, but RecentChanges > works there. What tweaks to permissions and code have been made there? > > This all stems from the fact that DTML in Wiki code _always_ executes > with the Anonymous role. That's stoopid :-( > Wouldn't it make more sense for it to execute with whatever Proxy Roles > that Wiki Page has? > I would code this myself, but I don't know how. Any ideas? > > Any other thoughts about the problem? I have seen the same problem; the getSize method isn't accessible to RecentChanges, even though the Authenticated User has the View permission. Only when you explicitly give Anonymous the View permission on the Folder (or every individual ZWiki page), will RecentChanges render. This is caused by specific 'safetybelting', implemented by Jim Fulton, to mitigate the risks of ZWikis becoming an easy entry point for a Trojan Horse attack. With the new security policy in Zope 2.2, this is no longer necessary, and you can comment out the restriction. Just remove or comment out the 'validate' method in the file Products/ZWiki/ZWikiPage.py and restart your Zope server. Note that on a pre-2.2 server, this means that any DTML code executed in a ZWiki page will be executed with the rights of the viewer! If you still have problems, make sure that the Owner of the RecentChanges object has rights to 'View' the ZWiki pages. The Interfaces Wiki (and all other Zope.org Wikis) allow Anonymous to View, only Editing and Adding new Wiki pages is restricted. -- Martijn Pieters | Software Engineer mailto:[EMAIL PROTECTED] | Digital Creations http://www.digicool.com/ | Creators of Zope http://www.zope.org/ - ___ Zope maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )
[Zope] ZWiki RecentChanges don't work in Zope 2.2.x
...you get an authorization error :-(
This is because this Wiki isn't (and shouldn't) be publicly viewable or
editable.
So, Anonymous doesn't have 'View' permission on the folder. I've given
Anonymous 'Access Contents Information', the usual nasty hack I had to
do before, but now that just changes the error message :-S (it's in a PS
below)
I guess the Interfaces Wiki does pretty much this, but RecentChanges
works there. What tweaks to permissions and code have been made there?
This all stems from the fact that DTML in Wiki code _always_ executes
with the Anonymous role. That's stoopid :-(
Wouldn't it make more sense for it to execute with whatever Proxy Roles
that Wiki Page has?
I would code this myself, but I don't know how. Any ideas?
Any other thoughts about the problem?
cheers,
Chris
PS:
Unauthorized
You are not authorized to access getSize
Traceback (innermost last):
File /mnt/data/2/zope/2-2-2_base/lib/python/ZPublisher/Publish.py,
line 222, in publish_module
File /mnt/data/2/zope/2-2-2_base/lib/python/ZPublisher/Publish.py,
line 187, in publish
File /mnt/data/2/zope/2-2-2_base/lib/python/ZPublisher/Publish.py,
line 171, in publish
File /mnt/data/2/zope/2-2-2_base/lib/python/ZPublisher/mapply.py, line
160, in mapply
(Object: RecentChanges)
File /mnt/data/2/zope/2-2-2_base/lib/python/ZPublisher/Publish.py,
line 112, in call_object
(Object: RecentChanges)
File
/usr/local/zope/2-2-2_base/lib/python/Products/ZWiki/ZWikiPage.py, line
178, in __call__
(Object: RecentChanges)
File
/usr/local/zope/2-2-2_base/lib/python/Products/ZWiki/ZWikiPage.py, line
223, in render_htmldtml
(Object: RecentChanges)
File /mnt/data/2/zope/2-2-2_base/lib/python/OFS/DTMLDocument.py, line
177, in __call__
(Object: RecentChanges)
File
/mnt/data/2/zope/2-2-2_base/lib/python/DocumentTemplate/DT_String.py,
line 528, in __call__
(Object: RecentChanges)
File /mnt/data/2/zope/2-2-2_base/lib/python/DocumentTemplate/DT_In.py,
line 691, in renderwob
(Object: aq_parent.objectValues(spec='ZWiki Page'))
File
/mnt/data/2/zope/2-2-2_base/lib/python/DocumentTemplate/DT_Util.py, line
337, in eval
(Object: _.getitem('sequence-item').getSize())
(Info: _)
File , line 0, in ?
File
/mnt/data/2/zope/2-2-2_base/lib/python/DocumentTemplate/DT_Util.py, line
140, in careful_getattr
File
/usr/local/zope/2-2-2_base/lib/python/Products/ZWiki/ZWikiPage.py, line
501, in validate
(Object: RecentChanges)
Unauthorized: (see above)
___
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
