[Zope] [2nd try] dtml-tree causing authorization errors

yves@njc.ch yves@njc.ch
Tue, 23 Jan 2001 05:16:28 +0100 (CET)


[ I accidentally sent the last mail before I completed it... Sorry ]


I've stumbled upon a strange problem with dtml-tree in version 2.2.5 (the
problems occurs in the same way in any of the 2.2.x version), but didn't exhibit
itself in 2.1.6:

Here's some (very) crude code to generate a tree object:

-------------
class Tree:
    def __init__(self, val='top'):
        self.name = val
        self.tpId = val

    def tpValues(self):
        tlist = []

        for i in range(8):
            tlist.append(Tree('me: %s' % i))

        return tlist

def build():
    return Tree()
--------------

Now if I attach this to an "External Method" called "mytree" which references
the function "build()", and I write the following DTML:

-----
<dtml-tree mytree>
  <dtml-var name>
</dtml-tree>
-----

In version 2.1.6, I obtain a tree, it's composed of 8 items and each expands
into 8 more, etc...

If I do the same thing in version 2.2.5, I get an authentication failure... even
though I'm logged on as superuser or an admin user... I've tried this on a fresh
install to ensure nothing gets in the way. The error I get is:

------------
Zope Error

  Zope has encountered an error while publishing this resource. 

  Unauthorized

  Sorry, a Zope error occurred.

  Traceback (innermost last):
    File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 222,
in publish_module
    File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 187,
in publish
    File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 171,
in publish
    File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/mapply.py, line 160, in
mapply
      (Object: toto)
    File /home/zope/Zope-2.2.5-src/lib/python/ZPublisher/Publish.py, line 112,
in call_object
      (Object: toto)
    File /home/zope/Zope-2.2.5-src/lib/python/OFS/DTMLMethod.py, line 172, in
__call__
      (Object: toto)
    File /home/zope/Zope-2.2.5-src/lib/python/DocumentTemplate/DT_String.py,
line 528, in __call__
      (Object: toto)
    File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 154,
in render
      (Object: mytree)
    File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 260,
in tpRender
    File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 514,
in tpRenderTABLE
      (Info: (['top', []], {'id': 'tpId', 'childless_decoration': '', 'name':
'mytree', 'branches': 'tpValues', 'url': 'tpURL', '': 'mytree'}, (['top', []],),
(['top', []],)))
    File /home/zope/Zope-2.2.5-src/lib/python/TreeDisplay/TreeTag.py, line 431,
in tpRenderTABLE
    File /home/zope/Zope-2.2.5-src/lib/python/OFS/DTMLMethod.py, line 194, in
validate
      (Object: toto)
    File /home/zope/Zope-2.2.5-src/lib/python/AccessControl/SecurityManager.py,
line 139, in validate
    File
/home/zope/Zope-2.2.5-src/lib/python/AccessControl/ZopeSecurityPolicy.py, line
159, in validate
  Unauthorized: name
--------------

So it's looking like it's breaking because of the Security enhancements made in
2.2.x, but why isn't it letting me access the "name" attribute? How am I
supposed to bypass this authorization process?

 ..Yves