[Zope] ZClass permissions

Ross Patterson rossp@ppc.ucsc.edu
Thu, 14 Feb 2002 11:09:30 -0800 (PST)


Okay so the offending action is somewhere in the editArticle() method.
So now you need a traceback from calling the editArticle() method
directly on the test object, IOW outside of any DTML so that you can
get the traceback from the method itself.

you can do this with a url like http://*.*.*/*/*/test/editArticle, but
I'll be the editArticle method takes arguments that it doesn't have
defaults for.  So find out what those arguments are, then add a python
script above test (root is fine, it will acquire), perhaps called
check, containing:

return context.editArticle( arg1=value, arg2=value, arg3=value... )

keep in mind the types of the values and such.  If you don't have docs
for the method arguments, then find the method definition in the
source and look there.

Then call your check script on the test object like
http://*.*.*/*/*/test/check.  Then look at the traceback you get from
that.  It will tell you where in the editArticle() method the problem
is.  The you can look at the editArticle() source at that line and
find out exactly what permission your ZCLass is missing that it needs.

Of course, as I've said, this is the long road that yields greater
understanding.  These are processes that took me a while to figure out
on my own so I'm posting them so maybe someone else can find them in
the archive.

I suspect that editArticle() modifies properties of the test object.
So you probably could just set the manage properties permission in
your ZClass' Define Pemissions management tab to manage properties and
be done with all this.

On Thu, 14 Feb 2002, Tom Nixon wrote:

> Thanks for your help, Ross.
>
> Here's the traceback. Are there any clues? I don't really understand
> what I am looking at.
>
> Traceback (innermost last):
>   File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 150, in
> publish_module
>   File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 114, in
> publish
>   File C:\PROGRA~1\Zope\lib\python\Zope\__init__.py, line 158, in
> zpublisher_exception_hook
>     (Object: test)
>   File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 98, in
> publish
>   File C:\PROGRA~1\Zope\lib\python\ZPublisher\mapply.py, line 88, in
> mapply
>     (Object: editArticle)
>   File C:\PROGRA~1\Zope\lib\python\ZPublisher\Publish.py, line 39, in
> call_object
>     (Object: editArticle)
>   File C:\PROGRA~1\Zope\lib\python\OFS\DTMLMethod.py, line 127, in
> __call__
>     (Object: editArticle)
>   File C:\PROGRA~1\Zope\lib\python\DocumentTemplate\DT_String.py, line
> 473, in __call__
>     (Object: editArticle)
>   File C:\PROGRA~1\Zope\lib\python\DocumentTemplate\DT_Util.py, line
> 153, in eval
>     (Object: form.header())
>     (Info: form)
>   File C:\PROGRA~1\Zope\lib\python\AccessControl\DTML.py, line 29, in
> guarded_getattr
>     (Object: editArticle)
>   File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeGuards.py, line 58,
> in guarded_getattr
>     (Object: test)
>   File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeGuards.py, line 40,
> in aq_validate
>     (Object: test)
>   File C:\PROGRA~1\Zope\lib\python\AccessControl\SecurityManager.py,
> line 83, in validate
>   File C:\PROGRA~1\Zope\lib\python\AccessControl\ZopeSecurityPolicy.py,
> line 188, in validate
> Unauthorized: (see above)
>
> > -----Original Message-----
> > From: zope-admin@zope.org [mailto:zope-admin@zope.org] On
> > Behalf Of Ross Patterson
> > Sent: 14 February 2002 16:59
> > To: Tom Nixon
> > Cc: zope@zope.org
> > Subject: RE: [Zope] ZClass permissions
> >
> >
> > Do this:
> >
> > Make sure your authenticated as a manager, i.e. that you can
> > view the management pages.  THEN try and view the "Edit"
> > management tab of your instance and click cancel when it
> > prompts you for authentication. You'll then get an error page
> > with a traceback in the source for the page.  The dtml
> > traceback will tell you what method you call in your dtml is
> > causing the problem.  Then you can try calling that method
> > directly and you can use that traceback to see where in that
> > method the problem is.  Then you can look at the source for
> > that method, go to the line number given in the method
> > traceback, and that should give you an indication what in
> > your ZClass the method is trying to access that it can't.
> > Then you can fix the problem in the Define Permissions ZClass
> > management tab.
> >
> > But that would be the precise way that takes longer but
> > yields a greater understanding.  You could just map
> > permissions to themselves in the Define Permissions tab one
> > by one until it works.
> >
> > On Thu, 14 Feb 2002, Tom Nixon wrote:
> >
> > > Hi Ross
> > >
> > > The method contains the following code, copied straight from the
> > > Formulator HOWTO. Any ideas what permissions need to be set, and
> > > where?
> > >
> > > <dtml-var standard_html_header>
> > >
> > >       <!-- show the header of the form, using 'Form action' and
> > >         'Form method' form settings (<form action="..."
> > method="...">)
> > >         -->
> > >       <dtml-var "form.header()">
> > >
> > >       <!-- a simple table for layout purposes -->
> > >       <table border="0">
> > >
> > >       <!-- get a list of all fields in the form -->
> > >       <dtml-in "form.get_fields()">
> > >       <!-- rename each sequence item to 'field' so they can
> > >            be used more easily -->
> > >       <dtml-let field=sequence-item>
> > >
> > >       <!-- each field will be on a line by itself -->
> > >       <tr>
> > >       <!-- display the title property of this field -->
> > >       <td><dtml-var "field.get_value('title')"></td>
> > >       <!-- render the field -->
> > >       <td><dtml-var "field.render()"></td>
> > >       </tr>
> > >
> > >       </dtml-let>
> > >       </dtml-in>
> > >
> > >       <!-- the submit button -->
> > >       <tr>
> > >       <td><input type="submit" value=" OK "></td>
> > >       </tr>
> > >
> > >       </table>
> > >
> > >       <!-- the form footer -->
> > >       <dtml-var "form.footer()">
> > >
> > >       <dtml-var standard_html_footer>
> > >
> > >
> > >
> > > > -----Original Message-----
> > > > From: Ross Patterson [mailto:rossp@ppc.ucsc.edu]
> > > > Sent: 14 February 2002 16:13
> > > > To: Tom Nixon
> > > > Cc: zope@zope.org
> > > > Subject: Re: [Zope] ZClass permissions
> > > >
> > > >
> > > > I believe it depends on the actions the method is performing.  If
> > > > you look at (or post) the method actions, you can probably guess
> > > > what permission your zclass needs enabled. Then you can go to the
> > > > "Define Permissions" tab in your ZClass management screen
> > and enable
> > > > that permission, probably by mapping it to the very same
> > permission
> > > > in the list.
> > > >
> > > > On Thu, 14 Feb 2002, Tom Nixon wrote:
> > > >
> > > > > I have created a ZClass and a new View called "Edit" which
> > > > displays a
> > > > > DTML Method containing an automatically generated
> > Formulator form
> > > > > (both situated inside the ZClass).
> > > > >
> > > > > However when I create an instance of the ZClass then click
> > > > the "edit"
> > > > > view, I am prompted to enter my username and password.
> > > > >
> > > > > If I change the DTML method to a simple "Hello World"
> > > > message it works
> > > > > fine, so it seems to be something to do with the
> > Formulator form.
> > > > >
> > > > > Obviously there is a permission problem somewhere, but
> > > > where should I
> > > > > be looking?
> > > > >
> > > > > Zope Version  (Zope 2.5.0 (binary release, python 2.1,
> > win32-x86),
> > > > > python 2.1.2, win32) Python Version  2.1.2 (#31, Jan 15 2002,
> > > > > 17:28:11) [MSC 32 bit (Intel)]
> > > > >
> > > > > System Platform  win32
> > > > >
> > > > > T.
> > > > >
> > > > >
> > > > > _______________________________________________
> > > > > Zope maillist  -  Zope@zope.org
> > > > > http://lists.zope.org/mailman/listinfo/zope
> > > > > **   No cross posts or HTML encoding!  **
> > > > > (Related lists -
> > > > http://lists.zope.org/mailman/listinfo/zope-> announce
> > > > >
> > > > http://lists.zope.org/mailman/listinfo/zope-dev
> > > > )
> > > > >
> > > >
> > > > -----------------------------------------------------------------
> > > > | Ross Patterson			rossp@cats.ucsc.edu	|
> > > > | Programmer/Analyst			(831)459-2792
> > 	|
> > > > | Physical Planning & Construction
> > Fax:(831)423-7436	|
> > > > | UC Santa Cruz
> > > > http:www2.ucsc.edu/ppc	|
> > > > -----------------------------------------------------------------
> > > >
> > >
> > >
> >
> > -----------------------------------------------------------------
> > | Ross Patterson			rossp@cats.ucsc.edu	|
> > | Programmer/Analyst			(831)459-2792		|
> > | Physical Planning & Construction	Fax:(831)423-7436	|
> > | UC Santa Cruz
> > http:www2.ucsc.edu/ppc	|
> > -----------------------------------------------------------------
> >
> >
> > _______________________________________________
> > Zope maillist  -  Zope@zope.org
> > http://lists.zope.org/mailman/listinfo/zope
> > **   No cross
> > posts or HTML encoding!  **
> > (Related lists -
> >  http://lists.zope.org/mailman/listinfo/zope-announce
> >  http://lists.zope.org/mailman/listinfo/zope-dev )
> >
>
>
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )
>

-----------------------------------------------------------------
| Ross Patterson			rossp@cats.ucsc.edu	|
| Programmer/Analyst			(831)459-2792		|
| Physical Planning & Construction	Fax:(831)423-7436	|
| UC Santa Cruz				http:www2.ucsc.edu/ppc	|
-----------------------------------------------------------------