[Zope] Re: recursion problem with newer security machinery

Christopher N. Deckard cnd at ecn.purdue.edu
Thu Jan 20 14:37:57 EST 2005 

Tres Seaver wrote:
> Christopher N. Deckard wrote:
> 
>> We recently upgraded to 2.6.4, and are now having a problem with our 
>> custom UserFolder Product.  I've narrowed everything down to a few 
>> methods, but am at a loss on how to fix it.
>>
>> In our UserFolder User class, we have overridden getRolesInContext to 
>> look for a Python Script (we call it an "authorize script"), in parent 
>> folders of the published object.  It then calls each script to 
>> programatically add roles at runtime.  This works great with Zope 
>> 2.6.2.  I have noticed that in Zope 2.6.4 the method 
>> Bindings._getContext in Shared/DC/Scripts/Bindings.py has new validate 
>> code in it.  I believe this is what is causing the problem for us.
>>
>> What is strange is that this is only a problem when using 
>> ExternalEditor, and when the container of the object we are trying to 
>> edit contains an "authorize script".  From the ZMI there are no 
>> problems, and from folders under the folder with the "authorize 
>> script" there are no problems editing with ExternalEditor.
>>
>> Any help would be appreciated.  Below is our code, and the two 
>> _getContext implementations for quicker reference.
> 
> 
> The recursion problem stems from the fact that the new bindings 
> machinery wants to ensure that the user has roles for the context before 
> binding it, but you need the script to run to determine whether the user 
> has roles.  The older code created a nasty security issue for sites 
> which made it possible for untrusted users to write PythonScripts.
> 
> I don't know that this will work, but try giving the script
> proxy role of 'Manager';  if that works, then you are set.
> 
> If it doesn't work, then I believe you need to look at converting your 
> PythonScripts to instances of a "tool" class which can run the check as 
> trusted code.
> 
> Tres.

While setting the proxy role of 'Manager' does make things work for us, 
I'm confused as to why this is necessary.  (Also, setting proxy role of 
'Anonymous' works just fine too.)  Why is accessing an object different 
in the context of ExternalEditor compared to that of accessing it 
through the ZMI.

If I have a structure like:

/
/FOO
/FOO/authorize
/FOO/bar

I can edit bar just fine through the ZMI, but not through 
ExternalEditor.  I don't understand why there should be a difference 
here.  /FOO/authorize still has to be called by our UserFolder, whether 
it be from the ZMI or EE.

Thanks,
-Chris

-- 
--------------------------------------------------------------------
     Christopher N. Deckard      |     Lead Web Systems Developer
       cnd at ecn.purdue.edu        |    Engineering Computer Network
   http://eng.purdue.edu/ECN/    |         Purdue University
---- zlib.decompress('x\234K\316Kq((-J)M\325KM)\005\000)"\005w') ---

More information about the Zope mailing list