[Zope3-Users] Re: Permissions for updateOrder() on OrderedContainer
Philipp von Weitershausen
philipp at weitershausen.de
Tue Aug 8 18:32:42 EDT 2006
Arne Nordmann wrote:
> Hi folks,
>
> first of all: I'm working with Zope 3.3 and Python 2.4.
>
> I created a hierarchical structure of OrderedContainers - some kind of a
> tree - and now want to sort it with Python. To move the containers from
> level to level in this tree with the ObjectMover is no problem, but
> updating the order of the contained elements inside the containers fails
> with a ForbiddenAttribute error.
>
> For example:
> A, B, C are containers with the names 'A', 'B' and 'C'.
> B and C are contained by A.
> ----------------
>>>> A.updateOrder(['C', 'B'])
> Traceback (most recent call last):
> ...
> ForbiddenAttribute: ('updateOrder', <mypackage.cont.Cont object at
> 0x022244B0>
> -------------
> (object at 0x022244B0 is OrderedContainer 'A')
>
> configure.zcml defines each used interface with permission
> 'ManageContent' and I'm logged in as 'Manager'. Accessing the method
> keys(), values(), etc. of the OrderedContainers is no problem. So what's
> the problem?
ForbiddenAttribute are always (ALWAYS!!!) a lack of missing security
declarations or code accessing stuff it shouldn't. Since accessing
updateOrder seems reasonable to do, you're most definitely lacking a
security declaration for it.
Zope will not allow anything if you don't declare it.
Philipp
More information about the Zope3-users
mailing list