Hash: SHA1

Antonio Beamud Montero wrote:
> Hi all:
> I'm using Zope 2.7. I have created a product that inherits from Folder.
> The security assertions are::
> security = ClassSecurityInfo()
> security.declareObjectProtected('View management screens')
> But I need to publish some ZPT methods public. I have declared them:
>     security.declarePublic('my_stations')
>     my_stations = PageTemplateFile('wsdl/my_stations.wsdl.zpt',
> globals())
>     my_stations.content_type = 'text/xml'
> And 'wsdl/my_stations.wsdl.zpt' has only a reference to absolute_url in:
> -------------------
> ...
>  <port binding="tns:StationsBinding" name="port">
>             <soap:address tal:attributes="location here/absolute_url"
> location="http://localhost:8000/ccx/StationsService"/>
>         </port>
> ...
> The problem is trying to access to this method as anonymous user gives
> me:
> ----------------------------------------------------------------
> ...
> Module Products.PageTemplates.Expressions, line 189, in _eval
> Module Products.PageTemplates.Expressions, line 145, in _eval
> __traceback_info__: here
> Module Products.PageTemplates.Expressions, line 323, in restrictedTraverse
> __traceback_info__: {'path': [u'absolute_url'], 'TraversalRequestNameStack': 
> []}
> Module Shared.DC.Scripts.Bindings, line 176, in __getattr__
> Module Shared.DC.Scripts.Bindings, line 182, in __you_lose</li>
> Unauthorized: Not authorized to access binding: context (Also, an error 
> occurred while attempting to render the standard error message.)
> ----------------------------------------------------------------
> With other methods declared publics all works ok (like published via SOAP)... 
> Can any one help me?

Your template uses 'here', which is and alias for the 'context' binding,
i.e. the object through which the template was acquired.  That object
has permission settings which prevent anonymous access *to the object*,
which makes its use in a path expression impossible, even though the
'absolute_url' method of that object *would* be accessible by anonymous.

If this template needs to be renderable by anonymous users even for
contexts to which they do not have access, then you can give the
template a proxy role which *does* have access.  Use with caution, and
double check that the template won't expose any data which *should* be

- --
Tres Seaver          +1 202-558-7113          [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"    http://palladion.com
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org


Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to