[Zope] Re: ExternalFile errors

friedrich steindl zopp at floSoft.net
Mon Mar 7 17:38:42 EST 2005 

hi all,

i had the same problem as the first poster
but the solution does not work for me

the error comes from this additional line in 'create.pt'
    <tal:work define="global ef modules/Products/ExternalFile" />

it still produces a 'not authorized'

the complete traceback reads as follows

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Site Error

An error was encountered while publishing this resource. 

Unauthorized

 Sorry, a site error occurred.


Traceback (innermost last): 

Module ZPublisher.Publish, line 175, in publish_module_standard
 Module ZPublisher.Publish, line 132, in publish
 Module Zope.App.startup, line 204, in zpublisher_exception_hook
 Module ZPublisher.Publish, line 101, in publish
 Module ZPublisher.mapply, line 88, in mapply
 Module ZPublisher.Publish, line 39, in call_object
 Module Shared.DC.Scripts.Bindings, line 306, in __call__
 Module Shared.DC.Scripts.Bindings, line 343, in _bindAndExec
 Module Products.PageTemplates.PageTemplateFile, line 106, in _exec
 Module Products.PageTemplates.PageTemplate, line 96, in pt_render
 <PageTemplateFile at /WeatherFiles/manage_addExternalFileForm>
 Module TAL.TALInterpreter, line 190, in __call__
 Module TAL.TALInterpreter, line 234, in interpret
 Module TAL.TALInterpreter, line 464, in do_setGlobal_tal
 Module Products.PageTemplates.TALES, line 221, in evaluate
 URL: manage_addExternalFileForm
 Line 1, Column 0
 Expression: standard:'modules/Products/ExternalFile'
 Names:
{'container': <__FactoryDispatcher__ instance at 40a3d740>,
 'context': <__FactoryDispatcher__ instance at 40a3d740>,
 'default': <Products.PageTemplates.TALES.Default instance at 0x40a237ac>,
 'here': <__FactoryDispatcher__ instance at 40a3d740>,
 'loop': <SafeMapping instance at 40e7d3e0>,
 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter 
instance at 0x40a232ac>,
 'nothing': None,
 'options': {'args': ()},
 'repeat': <SafeMapping instance at 40e7d3e0>,
 'request': <HTTPRequest, URL=http://192.168.11.47:9080/WeatherFiles/
manage_addProduct/ExternalFile/create>,
 'root': <Application instance at 40d644d0>,
 'template': <PageTemplateFile at /WeatherFiles/manage_addExternalFileForm>,
 'traverse_subpath': [],
 'user': fs}
 Module Products.PageTemplates.Expressions, line 201, in __call__
 Module Products.PageTemplates.Expressions, line 189, in _eval
 Module Products.PageTemplates.Expressions, line 145, in _eval
 __traceback_info__: modules
 Module Products.PageTemplates.Expressions, line 340, in restrictedTraverse
 __traceback_info__: {'path': ['Products', 'ExternalFile'], 
'TraversalRequestNameStack': []}
Unauthorized: You are not allowed to access 'ExternalFile' in this context 
(Also, an error occurred while attempting to render the standard error 
message.) 

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Zope version: (Zope 2.7.4-0, python 2.3.3, linux2) 
Python version: 2.3.3 (#3, Mar 11 2004, 00:53:33) [GCC 3.3 20030226 
(prerelease) (SuSE Linux)] 


thx for your help

steindl friedrich
       (-:fs)

======================================================

Am Freitag, 7. Januar 2005 18:23 tippte Steve McMahon:
> Two (late) solutions:
>
> 1) If you don't need the batch addition support, just comment out the
> section of create.pt that calls gethostname and the whole div that
> supports batch addition.
>
> 2) If you're more adventurous, add to __init__.py security declarations
> to make the needed module functions public. The code will look like:
>
> from AccessControl import ModuleSecurityInfo
>
> ModuleSecurityInfo('ExternalFile').declarePublic('gethostname')
> ModuleSecurityInfo('ExternalFile').declarePublic('illegalCharsAsString')
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirNamesAsString')
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirPrefixesAsStrin
>g')
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedDirSuffixesAsStrin
>g')
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedFileNamesAsString'
>)
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedFilePrefixesAsStri
>ng')
> ModuleSecurityInfo('ExternalFile').declarePublic('omittedFileSuffixesAsStri
>ng')
>
> ModuleSecurityInfo('ExternalFile').apply(globals())
>
> Then, in www/create.pt, add a line like:
>
>    <tal:work define="global ef modules/Products/ExternalFile" />
>
> change
>
> tal:content="container/gethostname"
>
> to
>
> tal:content="ef/gethostname"
>
> and ALL the code like:
>
> tal:attributes="value container/illegalCharsAsString"
>
> to
>
> tal:attributes="value python: ef.illegalCharsAsString(container)"
>
> If you don't want to mess with the security declarations, you could also
> just edit www/create.pt to remove the section that prints the hostname
> and all the "tal:attributes..." that supply default values in the batch
> section.
>
> Steve
>
> BTW, I don't regularly watch this list; so if you'd like my attention in
> a reply, please CC me.
>
> Chris H wrote:
> > Greets;
> >
> > Testing externalFile from collective cvs consistantly gives the
> > following error upon creating an instance, regardless of user that
> > starts the zope process.
> >
> > URL: manage_addExternalFileForm
> > Line 36, Column 5
> > Expression: standard:'container/gethostname'
> > Names:
> > {'container': <__FactoryDispatcher__ instance at 40f65340>,
> > 'context': <__FactoryDispatcher__ instance at 40f65340>,
> > 'default': <Products.PageTemplates.TALES.Default instance at 0x40b8ae6c>,
> > 'here': <__FactoryDispatcher__ instance at 40f65340>,
> > 'loop': <SafeMapping instance at 40f653e0>,
> > 'modules': <Products.PageTemplates.ZRPythonExpr._SecureModuleImporter
> > instance at 0x40b8fb0c>,
> > 'nothing': None,
> > 'options': {'args': ()},
> > 'repeat': <SafeMapping instance at 40f653e0>,
> > 'request': <HTTPRequest,
> > URL=http://localhost:8080/manage_addProduct/ExternalFile/create>,
> > 'root': <Application instance at 417e2a10>,
> > 'template': <PageTemplateFile at /manage_addExternalFileForm>,
> > 'traverse_subpath': [],
> > 'user': chris}
> > Module Products.PageTemplates.Expressions, line 201, in __call__
> > Module Products.PageTemplates.Expressions, line 189, in _eval
> > Module Products.PageTemplates.Expressions, line 145, in _eval
> > __traceback_info__: container
> > Module Products.PageTemplates.Expressions, line 340, in
> > restrictedTraverse __traceback_info__: {'path': ['gethostname'],
> > 'TraversalRequestNameStack': []}
> > Unauthorized: You are not allowed to access 'gethostname' in this
> > context (Also, an error occurred while attempting to render the standard
> > error message.)
> >
> > Any suggestions on how to resolve this?
> >
> > /ch
>
> _______________________________________________
> Zope maillist  -  Zope at zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

More information about the Zope mailing list