Discussion:
[Zope3-Users] Security declarations on OOBTreeItems
hass
2010-03-31 15:34:03 UTC
Hello all,

I'm experiencing a problem with security declarations in OOBTreeItems.
The following setting which used to work with an older version of
zope.security failed after upgrading to 3.7.2.

$$.py
-------------------
class IPDFProfileHolder(IFolder):
    """ """

class PDFProfileHolder(Folder):
    implements(IPDFProfileHolder)

$$.zcml
------------------
<interface interface=".IPDFProfileHolder"/>

<class class=".PDFProfileHolder">
  <implements
      interface="zope.annotation.interfaces.IAttributeAnnotatable"/>
  <require permission="pdfprofile.view" interface=".IPDFProfileHolder" />
  <require permission="pdfprofile.edit"
      set_schema=".IPDFProfileHolder" />
</class>


The error occurs in a view when I try to see if a filename is already in
self.context.keys():
------------------
  File "pdfprofile/browser.py", line 151, in extractData
    if data['filename'] in self.context.keys():
ForbiddenAttribute: ('__contains__', <OOBTreeItems object at 0xb71c7570>)

Now I believe I have correct declarations on the self.context. The
problem only arises when I try to look inside the self.context.keys()
which is an OOBTreeItems object.

When I try to check the security declarations, I get an empty list
meaning no declarations at all.

from zope.security.proxy import getTestProxyItems
getTestProxyItems(self.context.keys())
[]

Do I have to declare them myself? Shouldn't these declarations come as
default?

Thanks a lot in advance for any help!
Cheers, Hass
Marius Gedminas
2010-03-31 18:47:13 UTC
Post by hass
I'm experiencing a problem with security declarations in OOBTreeItems.
The following setting which used to work with an older version of
zope.security failed after upgrading to 3.7.2.
What version did you use before?

<...snip...>
Post by hass
the error occurs in a view when I try to see if a filename is already in
------------------
File "pdfprofile/browser.py", line 151, in extractData
ForbiddenAttribute: ('__contains__', <OOBTreeItems object at 0xb71c7570>)
You could use

if data['filename'] in self.context:

instead, and avoid the OOBTreeItems completely.
Post by hass
Now I believe I have correct declarations on the self.context. The
problem only arises when I try to look inside the self.context.keys()
which is an OOBTreeItems object.
When I try to check the security declarations, I get an empty list
meaning no declarations at all.
I don't think I remember zope.security (and zope.app.security before
that) ever declaring permissions for OOBTreeItems...
Post by hass
from zope.security.proxy import getTestProxyItems
getTestProxyItems(self.context.keys())
[]
Do I have to declare them myself? Shouldn't these declarations come as
default?
Good question. I don't see why not.

Regards,
Marius Gedminas
--
if (Match.FileMatch(F) == true && Fixed[F->ID] == false)
-- apt-pkg/policy.cc (apt 0.5.23)
hass
2010-04-01 14:53:19 UTC
Post by Marius Gedminas
Post by hass
I'm experiencing a problem with security declarations in OOBTreeItems.
The following setting which used to work with an older version of
zope.security failed after upgrading to 3.7.2.
What version did you use before?
<...snip...>
Post by hass
the error occurs in a view when I try to see if a filename is already in
------------------
File "pdfprofile/browser.py", line 151, in extractData
ForbiddenAttribute: ('__contains__', <OOBTreeItems object at 0xb71c7570>)
You could use
instead, and avoid the OOBTreeItems completely.
Well, I was using 3.5.0 before but that doesn't seem to be the issue
because when I check the older version, it didn't declare any permission
for OOBTreeItems as well. The thing is that I updated my whole
repository to the latest versions, so it's really hard to figure out what
has caused this change of behavior across versions.
Post by Marius Gedminas
Post by hass
Now I believe I have correct declarations on the self.context. The
problem only arises when I try to look inside the self.context.keys()
which is an OOBTreeItems object.
When I try to check the security declarations, I get an empty list
meaning no declarations at all.
I don't think I remember zope.security (and zope.app.security before
that) ever declaring permissions for OOBTreeItems...
Post by hass
from zope.security.proxy import getTestProxyItems
getTestProxyItems(self.context.keys())
[]
Do I have to declare them myself? Shouldn't these declarations come as
default?
Good question. I don't see why not.
My problem was solved by using "if 'something' in self.context" instead
of "if 'something' in self.context.keys()".
Thanks a lot! But is there basically no other standard use-case scenario
of OOBTreeItems imaginable?
Is that why the declarations are not being made by default? Just wondering.

Thanks again!
Hass
Post by Marius Gedminas
Regards,
Marius Gedminas
------------------------------------------------------------------------
_______________________________________________
Zope3-users mailing list
https://mail.zope.org/mailman/listinfo/zope3-users