[Zope-DB] Re: [egenix-users] Permission woes

Charlie Clark charlie at egenix.com
Tue Apr 6 10:25:12 EDT 2004

Dear Todd,

sorry for our delay in replying to this. I'm also cc'ing it to the Zope-DB 
list as it might be of interest to users there as well.

The reason is that the objects in question (DatabaseConnection objects 
returned by the ZopeConnect object) do not define any security information 
and Zope then restricts access by default.

There are three solutions to this:

1) the standard Zope approach
  from Products.ZSELMethods.SQL import SQL
  methodId = 'sqlListEmployees'
  setattr(self, methodId, SQL(methodId, '', 'employeesDB', 'Select * FROM     
  result =self.sqlListEmployees()

which will work with any ZopeDA

2) adjusting security settings to allow PythonScripts to do this kind of 
thing. As this isn't to be encouraged as it applies to all PythonScripts we 
won't give the details here.

3) Use an external Method. This has the advantage of being much finer grained 
conrtol than allowing all PythonScripts to do something but done properly is 
nearly as flexible.

Create a file in ~/Extensions say ODBC_SQL.py

This is essentially needs only one function:

def callSQL(connectionObject, statement):
	conn = connectionObject.database_connection()
	return conn.execute(statement)

Create an external method say SQL which points to callSQL in ODBC_SQL

You can then call this method from any PythonScript and simply pass it the 
connection and statement you want to execute.

In your case the PythonScript needs only to be modified slightly, depending 
on what you want to.

statement = """select [Building ID] from [Buildings]
 where [Building Name] = ?""", building)[1]
columns, results = context.SQL(container.crc_db, statement)

Hope that helps.

Charlie Clark

On 2004-03-31 at 17:52:11 [+0200], todd wrote:
> My configuration:
>  Windows XP
>  Zope 2.7.0
>  egenix-mxodbc-zopeda-1.0.8.win32-py2.3.zip
> I created an mxODBC Database Connection (called "crc_db") to an existing
> Access database. I created Z SQL Methods and sucessfully called them from a
> Python script. However, I can't get .execute() to work on a connection. Here
> is the code portion that's giving me problems:
> connection = container.crc_db.get_connection()
> building_rowset = connection.execute('select [Building ID] from [Buildings]
> where [Building Name] = ?', building)[1]
> Whenever this code runs, a dialog box pops up in the web browser asking the
> user to log in. The dialog doesn't accept my Zope account (user todd).
> Escaping from the dialog produces this message:
> Error Type: Unauthorized
> Error Value: You are not allowed to access 'execute' in this context
> I tried giving the script the Manager and Owner proxy roles, but this didn't
> change the behavior. The script, the connection, and the containing folder 
> all
> belong to user todd.
Charlie Clark

Professional Python Services directly from the Source
 >>> Python/Zope Consulting and Support ...        http://www.egenix.com/
 >>> mxODBC.Zope.Database.Adapter ...             http://zope.egenix.com/
 >>> mxODBC, mxDateTime, mxTextTools ...        http://python.egenix.com/

::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! ::::

More information about the Zope-DB mailing list