It turned out that the problem was the viewlet manager. It was using the zope.viewlet.manager instead of the Five.viewlet.manager baseclasses. Once I changed the viewlet manager it worked fine.
Kevin > I am getting a ForbiddenAttribute error on 'render' when I try to display > a viewlet in my Zope2 application. > > I am running zope 2.11.2 + Five. I am currently working on integrating > grok + z3c.form into our stack. > > I have security a problem configuring the > z3c.formjs.interfaces.IDynamicJavaScript viewlet. > > The viewlet configuration (in z3c.formjs) seems standard... > > <browser:viewlet > name="z3c.formjs.subscriptions" > manager=".interfaces.IDynamicJavaScript" > view="z3c.formjs.interfaces.IHaveJSSubscriptions" > class="z3c.formjs.jsevent.JSSubscriptionsViewlet" > permission="zope.Public" > layer="z3c.form.interfaces.IFormLayer" > /> > > The viewlet is very standard. > > When I run the system, the viewlet is wrapped using the > Products.Five.viewlet.metaconfigure functionality to provide a wrapped > viewlet. > > However, when I run the application, I get this error... > > Module zope.viewlet.manager, line 107, in update > Module zope.viewlet.manager, line 85, in filter > Module zope.security.checker, line 134, in canAccess > ForbiddenAttribute: ('render', > <Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet object at > 0x84c0410>) > > It appears to me that, at runtime, an incorrect 'checker' is being picked > up. I believe that I should be seeing a call to > Products/Five/security.py:checkPermission, but I believe I am picking up a > different checker. > > I cannot seem to debug the checker, even though I set > security-policy-implementation python in the zope.conf. > > Other (possibly) relevant information... > > (Pdb) adapter.__class__ > <class 'Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet'> > > (Pdb) from Products.Five.security import getSecurityInfo > (Pdb) getSecurityInfo(adapter.__class__) > {'render__roles__': None, 'update__roles__': None, '__roles__': None, > '__ac_permissions__': ()} > > (Pdb) from zope.security.management import thread_local > (Pdb) thread_local.interaction > <Products.Five.security.FiveSecurityPolicy object at 0x84c0650> > > > _______________________________________________ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users