[Grok-dev] Authorization issue With grokproject created instance and wsgi

Uli Fouquet uli at gnufix.de
Fri Mar 6 13:42:21 EST 2009


Hi there,

Martijn Faassen wrote:

> It's all very nice you are continuing with a workaround, but we don't 
> want a workaround.

I am not sure about that. I'd agree, that the workaround does not fix
the bug, but it can be okay as a convenience feature.

> Unauthorized errors should be supported fully by Grok. grokui.admin 
> doesn't sound broken, Grok does.
> 
> Not supporting Unauthorized exceptions is a bug. Let's fix the bug. 
> Remove the debugger if we can't fix it.

Hm, I do not understand completely what "support Unauthorized
exceptions" actually means. It sounds like: "make it work like Grok-less
Zope". But is this really a Grok-specific behaviour?

I am pretty sure (though I did not examine in detail) that a
`zopeproject` generated project behaves like a `grokproject` generated
one in that respect. Just try to call '@@contents.html' of a
`zopeproject` with a paste powered debugger enabled: here also the same
will happen as with Grok's 'index' page or other protected views.

Given that, for me Grok doesn't sound broken, Zope does (or the repoze
debugger).

Fixing Grok here would therefore mean IMHO, that we had to tweak the
publisher (making it even more incompatible with the default publisher).
This also looks like a workaround, though it might be acceptable.

Furthermore removing the debugger would basically mean to remove the
``debug.ini`` from grokproject generated projects, right? No one could
be stopped from creating it manually and then the same problem would
occur. Removing ``debug.ini`` therefore looks a bit like hiding away the
problem to me (beside this it basically works and I simply like this
tool :-)

The latter (hiding away the problem) is certainly true for the
grokui.admin-workaround. I've undone the changes.

Best regards,

-- 
Uli

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20090306/69240643/attachment.bin 


More information about the Grok-dev mailing list