[BlueBream] Strange effect with @@view calling

Dr. Volker Jaenisch volker.jaenisch at inqbus.de
Tue Mar 30 21:02:07 EDT 2010 

Hello BlueBream List!

I am new to Bluebream but I programmed in Python/Plone/Zope/
for some years. Thank you a lot for bringing up Zope3 to live again!

Currently I got a strange effect calling a view in my bluebream project.

A) If I call it like this http://../engine/index
it works without problems .

B) If I call it like this http://../engine/@@index
I got a stacktrace which ends in a forbiddenAttribute error.

The view itself is trivial:

class BookingEngineDefaultView(BrowserView):
    """Default view for a booking engine"""

    def update(self):
        import pdb; pdb.set_trace()

Suppose the following Model
zope-root -> engine -> Product
where Product has an attribute "name".

The view just uses a pagetemplate that does:

     <li tal:repeat="products context/values">
      <a tal:attributes="href products/@@absolute_url"
         tal:content="python:products.name">Name</a>

In Case B) the following stacktrace results:

*Line 10, Column 6*
*In expression: <PythonExpr (products.name)>*

   - Names:
      {'args': (),
       'context': <inqbus.booking.engine.app.BookingEngine object at 0xa43ca2c>,
       'default': <object object at 0xb7547680>,
       'loop': {},
       'nothing': None,
       'options': {},
       'repeat': {},
       'request': <zope.publisher.browser.BrowserRequest instance URL=http://127.0.0.1:8080/++skin++Booking/engine/@@index>,
       'template': <z3c.ptcompat.ViewPageTemplateFile object at 0xa2bd96c>,
       'view': <z3c.pagelet.zcml.BookingEngineDefaultView object at 0xa550d2c>,
       'views': <zope.browserpage.viewpagetemplatefile.ViewMapper object at 0xa5c306c>}


Module zope.tales.tales:*696* in |evaluate|         
<http://127.0.0.1:8080/++skin++Booking/engine/@@index#>
|<<  <http://127.0.0.1:8080/++skin++Booking/engine/@@index#>        
__traceback_supplement__ = (
               TALESTracebackSupplement, self, expression)
            return expression(self)
   
        evaluateValue = evaluate||>>  
<http://127.0.0.1:8080/++skin++Booking/engine/@@index#>*return* 
expression*(*self*)*|

(products.name)


Module zope.tales.pythonexpr:*59* in |__call__|         
<http://127.0.0.1:8080/++skin++Booking/engine/@@index#>
|<<  <http://127.0.0.1:8080/++skin++Booking/engine/@@index#>        
__traceback_info__ = self.text
            vars = self._bind_used_names(econtext, __builtins__)
            return eval(self._code, vars)
   
        def __str__(self):||>>  
<http://127.0.0.1:8080/++skin++Booking/engine/@@index#>*return* 
eval*(*self*.*_code*,* vars*)*|
Module ?:*1* in |<module>|         
<http://127.0.0.1:8080/++skin++Booking/engine/@@index#>
*ForbiddenAttribute: ('name', <inqbus.booking.classes.product.Product 
object at 0xa35c5cc>)*


I am wondering:
* Why do the similiar URLs that lead to the same view (prooved by pdb)
with the same principal (zope.Manager, prooved by pdb) lead to different 
results.
* How could it be, that a forbiddenAttribute error is raised if I work 
as Zope.Manager that has
a grantAll Permission.

The effect is independed of the type of the view. I tried pagelet-Style 
and BrowserView-Style with the some
outcome.

My guess is, that the B) URL results in a more paranoid security 
checking than the A) URL.
But if this is the case, is this behavior the correct one?

Any hints welcome. In the appendix you find the relevant ZCML

Best Regards

Volker


<!-- booking engine default view -->
  <browser:defaultView
     for="..interfaces.IBookingEngine"
     name="index"
    layer=".layer.IBookingBrowserLayer"
     />

<!-- booking engine default view -->
  <z3c:pagelet
     for="..interfaces.IBookingEngine"
     name="index"
     permission="zope.ManageContent"
     layer=".layer.IBookingBrowserLayer"
     class=".views.BookingEngineDefaultView"
     />

<!-- template for booking engine default view -->
<z3c:template
    template="frontpage.pt"
    for=".views.BookingEngineDefaultView"
    layer=".layer.IBookingBrowserLayer"
    />

<!-- menu item for booking engine default view -->
<browser:viewlet
    name="View booking engine"
    viewURL="@@index"
    for="zope.app.component.interfaces.ISite"
    manager=".skin.INavigationMenu"
    class="z3c.menu.simple.menu.GlobalMenuItem"
    layer=".layer.IBookingBrowserLayer"
    permission="zope.ManageContent"
    weight="1"
    />


-- 
====================================================
   inqbus it-consulting      +49 ( 341 )  5643800
   Dr.  Volker Jaenisch      http://www.inqbus.de
   Herloßsohnstr.    12      0 4 1 5 5    Leipzig
   N  O  T -  F Ä L L E      +49 ( 170 )  3113748
====================================================

More information about the bluebream mailing list