[Zope] Question on __roles__

Chris Withers chrisw@nipltd.com
Wed, 03 Jan 2001 15:00:20 +0000


Cees de Groot wrote:
> 
> I've tried to trace down what happens, and found that ZPublisher.BaseRequest
> has a funny bit: when trying to find out the necessary roles on an object,
> it first tries to get the attribute '__roles__' on the subobject, and then
> combines the current entry name plus '__roles__' and tries to get that from
> the subobject. However, it seems to me that the latter getattr() needs to be
> done on the object, not the subobject - at least, my tracing seems to indicate
> that if it walks down, say 'Customer/53/index_html', that at a certain moment
> during the traversal
> 
>     object = <Customer instance>
>     subobject = <Python method>
>     entry_name = 'index_html'
> 
> Here, looking up "index_html__roles__" in the subobject, the index_html
> method, doesn't seem to be very useful - it is expected to be found on
> the containing Customer instance. And indeed, if I change line 386 in
> BaseRequest.py from:
> 
>     roles = getattr(subobject, entry_name+'__roles__', roles)
> 
> to:
> 
>     roles = getattr(object, entry_name+'__roles__', roles)
> 
> things work as I expect them to work.
> 
> As this is such a core piece of Zope, it seems quite unlikely to me
> that I found a bug here (although an older version of ZPublisher does
> check object instead of subobject). The only thing I can think of is
> that Acquisition should work for the getattr() and somehow I managed
> to disable Acquisition on these instances.

This sounds like a bug to me. I've had very similar problems to this
with Squishdot.

> > Jim Fulton wrote:
> > >
> > > Chris Withers wrote:
> > > >
> > > >         self.id = id
> > > >         self.title = 'Title!'
> > > >         self.anInt = 0
> > > >         self.aString = 'testing'
> > > >
> > > None of the
> > > values above can have a __roles__ attribute, so they are covered
> > > by assertions made in their containers.

Jim,

This thread might well be the same problem, if it was looking for roles
on the subobject, and the subobject is Acquisition.Explicit or not
Acquisition subclassing at all, it wouldn't find any roles there and
wouldn't get the ones on the object through acquisition, hence raising
the Authentication box that was causign problems in Squishdot.

Here's the other threads on the problem for a bit more context:
http://zope.nipltd.com/public/lists/dev-archive.nsf/Main?SearchView=&Query=RFClarification
http://zope.nipltd.com/public/lists/dev-archive.nsf/Main?SearchView=&Query=__ac_permissions__
http://zope.nipltd.com/public/lists/dev-archive.nsf/ByKey/5177D01752683CA1

Does this all make any sense or have I lost the plot again?

cheers,

Chris