Maybe silly questions, but:  Do you call InitializeGlobals() on ObjectX's
class (usually at the end of the module where it's defined)?  Does ObjectX
actually have a portal_url method defined on it (or inherited)?

----- Original Message -----
From: "Gary Poster" <[EMAIL PROTECTED]>
Sent: Tuesday, February 05, 2002 11:36 AM
Subject: [Zope-dev] acquisition, traversal, __roles__(, and zpt?)

> Hi everyone.
> OK.  I'm stumped.  I'm doing funky tricks here to create an alias
> functionality somewhat similar to a transparent folder.  In the belief
> brevity begets more possibility for answers, I won't tell you more, but
> get straight to the chase:
> Zope 2.5, CMF 1.2 (but I'm using the dev list rather than the ptk or zpt
> lists because it has to do with internals more, I think)
> During traversal, I have (intentionally) created an acquisition chain like
> this:
> <pageTemplate> <OBJECT X> <CMF root> <Zope root> <request>
> in which <OBJECT X> is an "alien" object inserted after the CMF root.  By
> alien I mean it is not an actual child of the CMF root, nor the actual
> parent of the pageTemplate.  The pageTemplate itself is arbitrarily stored
> *outside* of the CMF, and also inserted during traversal.  <OBJECT X> was
> unwrapped (aq_base) and then wrapped __of__(<CMF root>), and the
> pageTemplate also unwrapped and then wrapped __of__(<OBJECT X>).
> Everything seems mostly fine with this with basic DTML stuff, even so far
> the DTML using CMF skins.  However, ZPT pages give me security errors if I
> try to use a skin.
> I have traced this down, through the
> Products.PageTemplates.Expressions.RestrictedTraverse function, through
> security validation, to the fact that if the page template asks for an
> object like "nocall here/portal_url", and then traverses to get the
> portal_url, the portal_url is found but has no __roles__.
> __roles__ appear to be deep magic (AccessControl.PermissionRole).  I don't
> quite understand how this property exists: I figure it must also have
> functional elements in the C acquisition code somewhere (which I have not
> worked through).
> <OBJECT X> has both __allow_access_to_unprotected_subobjects__ and
> security.declareObjectPublic().  I've tried not removing the "real"
> of <OBJECT X> and the page template, to no avail.
> Heh.  Any ideas?
> Thanks
> Crazy Gary
> _______________________________________________
> Zope-Dev maillist  -  [EMAIL PROTECTED]
> **  No cross posts or HTML encoding!  **
> (Related lists -
> )

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to