[Grok-dev] five.grok ZopeTwoDirectoryResource and security

Martin Aspeli optilude+lists at gmail.com
Mon Mar 23 05:01:01 EDT 2009

Sylvain Viollon wrote:
> Le Fri, 20 Mar 2009 13:34:11 +0900,
> Martin Aspeli <optilude+lists at gmail.com> a écrit :
>> Hi again,
>   Hello,
>> Sorry for the flood of little issues...
>> I am using an auto-registered 'static' directory in my package. This 
>> works when I traverse to it via URL 
>> (http://example.com/siteroot/++resource++my.package/foo.css).
>> However, in Plone, the ResourceRegistries has some code that attempts
>> to do an 'exists:' path expression on the resource to decide whether
>> to include it when the CSS is cooked into a single stylesheet. This
>> returns false.
>> I found the cause though: If I try to do path-traverse to 
>> portal/++resource++my.package/foo.css, I get an Unauthorized
>> exception: "the container has no security assertions". "The
>> container" here is the ZopeTwoDirectoryResource.
>> This does not happen with a <browser:resourceDirectory /> registered
>> in ZCML.
>   Could you make a launchpad issue ? It will be the first one:
>   https://bugs.edge.launchpad.net/five.grok
>   I can look at it / and fix it (or you can do it if you want).



I don't know when I'll have time to revisit this, so if you can, that'd 
be great.


Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book

More information about the Grok-dev mailing list