Hello Zope Listers

We've been working on a Zope web app which has been built and running on Zope 
2.7.0 for over 2 years now. Recently I've been trying to move it to Zope 
2.9.4 but have encountered some severe difficulties with a couple (at least) 
of monkey patches that are essential to our app and which worked fine with 
the earlier version.

Here's a synopsis of what I'm doing (PF2 is the code name of the app)


from AccessControl.User import SpecialUser 

class PF2SpecialUser( SpecialUser ):
    """ a "pretend" subclass of SpecialUser """

    def PF2SpecialUser_allowed( self, object, object_roles=None ):
        """ reimplementation of allowed() for PF2 """

                    # if we're not anon, we must be superuser, so do the
                    # normal SpecialUser.allowed() stuff (see patching below)
        if self.getUserName() != 'Anonymous User':
            return self.PF2Superuser_allowed( object, object_roles )

                    # else we're anonymous - do our special handling which
                    #    basically allows the anonymous role to be assigned
                    #    arbitrary perms at any point in the folder hierarchy

        # more code here - return True if anon user can access object

# now the monkey patching - ooh ooh eeeek ooh

                    # save original method for use by superuser
                    #    (see PF2SpecialUser.PF2SpecialUser_allowed)
PF2SpecialUser.PF2Superuser_allowed = SpecialUser.allowed
                    # replace with our custom method
SpecialUser.allowed = PF2SpecialUser.PF2SpecialUser_allowed


As I said, with 2.7.0 this all works fine and dandy, but with 2.9.4 I get this 
error when trying to access (say) a Page Template as the anonymous user:

"unbound method PF2SpecialUser_allowed() must be called with PF2SpecialUser 
instance as first argument"

Investigating in more detail, I switched to the Python security 
implementation. As an experiment, based on research, I changed line 437 of 
AccessControl/ImplPython.py from...

            if self._authenticated and context.user.allowed(value, roles):

to...

            if self._authenticated and \
                  context.user.allowed.im_func(context.user, value, roles):

to sidestep the type checking of the self argument. This does indeed prevent 
the above error, but it's not a good solution at all (it's not in C), and I'm 
sure it's incomplete - there are other places where allowed() gets called.

Has anyone got any smart ideas as to how I can accomplish my goal with Zope 
2.9.4 and with minimal changes to our code? If it's necessary I'm happy for us 
to run with minor modifications to "core" zope (we already have one or two in 
place already).

Also, if anyone can tell me exactly what it is that's caused this new 
behaviour then I'd be really grateful since I've not been able to figure it 
out myself.

Thanks in advance for any help anyone can offer.
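
An added example, not part of the original post and not Zope's own code: one way to install a patch like the one above using plain functions, so that no unbound-method check on self is carried onto SpecialUser. The SpecialUser class here is a constructed stand-in so the block runs without Zope (on Python 2 or 3), and plain_function, install_patch and ANON_GRANTS are hypothetical names.

```python
# Added example. SpecialUser below is a constructed stand-in for
# AccessControl.User.SpecialUser so the block runs without Zope.
class SpecialUser(object):
    def __init__(self, name):
        self._name = name

    def getUserName(self):
        return self._name

    def allowed(self, object, object_roles=None):
        # Stand-in behaviour only: grant when no roles are required.
        return not object_roles


def plain_function(method):
    """Return the function behind a method fetched from a class.

    Python 2 hands back an unbound method whose call checks that self is an
    instance of the defining class; im_func is the function underneath.
    Python 3 already returns the function, so it passes through unchanged.
    """
    return getattr(method, 'im_func', method)


# Hypothetical anonymous grants, standing in for the elided "more code here".
ANON_GRANTS = frozenset(['/public/index_html'])


def PF2SpecialUser_allowed(self, object, object_roles=None):
    """Module-level replacement, so no class is attached to it."""
    if self.getUserName() != 'Anonymous User':
        return self.PF2Superuser_allowed(object, object_roles)
    # Fail closed: anonymous gets only what is explicitly listed.
    return object in ANON_GRANTS


def install_patch(cls=SpecialUser):
    """Save the original allowed() and install the replacement, once."""
    if cls.__dict__.get('allowed') is PF2SpecialUser_allowed:
        return False  # already patched; do not overwrite the saved original
    cls.PF2Superuser_allowed = plain_function(cls.allowed)
    cls.allowed = PF2SpecialUser_allowed
    return True


if __name__ == '__main__':
    install_patch()
    print(SpecialUser('Anonymous User').allowed('/private/report'))
```

Checking that the class dictionary entry for allowed is the replacement function after start-up confirms the access check in force is the intended one.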

