Hi,I recently moved my webapp from z3.3.1 tarball to all eggs. It's working
great except for my
securitypolicy, which seems to sort of half-work. For example, earlier an
authenticated member
could view http://myhost/mysite/@@footest.html with and without the "@@" but
now it's only viewable
with them. It's hard to pinpoint what does work and what doesn't but for
authenticated users, most
actions will redirect (but shouldn't) to the loginform. Security checks for
unauthenticated users seem to work as
before without problems (they can have the foo.Visitor role defined in my

In my tarball version I've setup authentication and user management pretty
much like in the latest
Worldcookery book. I.e, security settings in my package's roles.zcml and
permissions.zcml, and
a grant of the "foo.Visitor" role the zope.anybody principal in

In my sandbox the grant of the old etc/principals.zcml was put at the end in
site.zcml. At first I got
a deprecation warning on zope.app.securitypolicy but it was easily solved by
zope.securitypolicy instead. I later, of course, updated configuration.zcmland
setup.py to use
zope.securitypolicy instead (with file="meta.zcml"). Another deprecation I
got was for zope.configuration:

DeprecationWarning: ZopeSecurityPolicy is deprecated. It has moved to
zope.securitypolicy.zopepolicy  This reference will be removed somedays
  obj = getattr(mod, oname)

Not sure if this is what's causing my authenticated users to fail on
accessing stuff that should
be accessible. I'm kind of stumped because don't really know what to do :)

Let me know if you need any more info


BTW, here's how i setup my sandbox:
$ python virtualenv env
$ cd env
$ ./bin/easy_install zopeproject
$ ./bin/easy_install zc.buildout
$ ./bin/zopeproject --no-buildout Hello
$ cd Hello
$ (Add the package index and comment out find-links):
    #find-links = http://download.zope.org/distribution/
    index = http://download.zope.org/zope3.4
$ ../bin/buildout bootstrap
$ ./bin/buildout

I also tried it with letting zopeproject handle the buildout and using the
default find-links in
buildout.cfg but I end up with the same problems
Zope3-users mailing list

Reply via email to