[Zope] Module security assertions fail

Dieter Maurer dieter at handshake.de
Sat May 1 14:46:27 EDT 2004


Josef Albert Meile wrote at 2004-5-1 17:31 +0200:
> ...
>I have two packages "TranslationUtils" and "JMZPTMacros", which I want to 
>use from a zope product. I have implemented the module and class security 
>assertions as indicated on the Zope Developer's Gide, but I got always an 
>Unauthorized error (see the traceback attached at the bottom of this 
>message).
> ....
>----->Begin of MyInstanceHome/Products/JMUtils/TranslationUtils.py
>
>from AccessControl import ModuleSecurityInfo
>security=ModuleSecurityInfo()
>
>security.declarePublic('checkTranslationService')
> ...
>  Module Products.PageTemplates.Expressions, line 340, in restrictedTraverse
>   - __traceback_info__: {'path': ['Products', 'JMUtils', 
>'TranslationUtils'], 'TraversalRequestNameStack': []}
>Unauthorized: You are not allowed to access 'TranslationUtils' in this 
>context

"ModuleSecurityInfo" is really convoluted and difficult to grasp.

Try to replace:

    security=ModuleSecurityInfo()
    security.declarePublic('checkTranslationService')

by:

    security=ModuleSecurityInfo('Products.JMUtils.TranslationUtils')
    security.declarePublic('checkTranslationService')

If necessary, also add 

    ModuleSecurityInfo('Products').declarePublic('JMUtils')
    ModuleSecurityInfo('Products.JMUtils').declarePublic('TranslationUtils')


Ensure that "TranslationUtils" is imported by your "__init__".
Otherwise, security declaration defined inside "TranslationUtils.py"
are not executed and therefore do not take effect.

-- 
Dieter



More information about the Zope mailing list