Steve Spicklemire wrote:
> Hi ZPatterns folks...
> ZPatterns-0.4.1snap1
> Zope2.2.0-src
> I have a specialist with a defaultRack storing DataSkin subclassed
> ZClass instances with only persistent attribute providers.
> <dtml-var "defaultRack.getPersistentItemIDs()">

When I call that, I get <BTreeItems object at 869a5d8>. To get that list
of IDs, I use an external method:

def get_persistent_ids(self):
        items = self.defaultRack.aq_base.getPersistentItemIDs()
        return map(lambda x: x, items)
        import sys, traceback, string
        etype, val, tb = sys.exc_info()
val, tb),''))
        del etype, val, tb                                    

I've tried something like your code, with no sheetproviders in the rack.
I can't reproduce your error. I'm using the method as a Manager.
> or
> <dtml-in "defaultRack.getPersistentItemIDs()">
> ...
> </dtml-in>
> raise AuthorizationFailed
> <dtml-in "defaultRack.getPersistentItemIDs()" sort>
> ...
> </dtml-in>
> works fine. What did I do now? ;-)

Line 318, The method getPersistentItemIDs has no docstring. Is
that still significant under the new security model?

Does the user you're running the method as have the permission "Access
contents information" ?

Looks like you may have uncovered a Zope security bug in <dtml-in ...
sort> :-/

How could we test this further?

Steve Alexander
Software Engineer
Cat-Box limited

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to