[Zope3-Users] Where unauthorized is raised?

Darryl Cousins darryl at darrylcousins.net.nz
Fri Jul 21 05:46:21 EDT 2006


Hi,

def __init__ ...
  self.context = self.__parent__ = context

That's what I was missing in the adapter. Can I clarify this?

The adapter is adapting an object (`self.context=context` in
`__init__`).
The field is getting an attribute from the security-proxied adapter.
The permission is found on the adapter ('tfws.view') and the principal
has this permission in the context, **but**; not on the adapter because
the adapter has no 'location'. Only when I gave it a location with
`self.__parent__` was the principal's possesion of the permission
recognised as applying also to the adapter.

Baiju:  Probably one for your faq? Pester me.

Likely be it, that somewhere is text that would have informed me. Damned
if I could find it though. Excuse the noise.

Cheers.
Darryl

PS:

Where is that Unauthorized raised?

# grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ | grep raise | uniq
...
/usr/lib/python2.4/site-packages/zope/security/checker.py: raise Unauthorized(object, name, permission)
...

That's the only one that matches, but I don't believe that is it. Maybe
then in a .so? Curious.

Darryl.


On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote:
> Hi,
> 
> An update on this.
> 
> When I change the permission on IMemberEditForm to zope.Public or
> zope.View then the form is displayed. Which is why I want to find the
> permission checker. The principal can view other objects protected by
> tfws.view but not this one.
> 
> If I can find where the permission is being checked then perhaps I will
> find out why my principal is not passing the security checker and how I
> can fix it.
> 
> Sorry if I'm getting hysterical.
> 
> Regards,
> Darryl
> 
> On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote:
> > Hi All,
> > 
> > I'm having a permissions problem with a formlib form and an adapter. 
> > 
> > I have put the following in zope/schema/_bootstrapfields.py
> > 
> > class Field ...
> > 
> >     def get(self, object):
> >         try:
> >             getattr(object, self.__name__)
> >         except:
> >             import sys
> >             print sys.exc_type, sys.exc_value
> >         return getattr(object, self.__name__)
> > 
> > the print I get is:
> > 
> >     zope.security.interfaces.Unauthorized
> > (<tfws.portal.member.adapters.MemberEditFormForMember object at
> > 0xb5b5bc8c>, 'clear_photo', 'tfws.view')
> > 
> > What I need to know is where is this Unauthorized being raised to debug
> > further (as my principal indeed has the permission tfws.view). I need to
> > pinpoint why.
> > 
> > the only raise I can find that matches is in zope/security/checker but
> > 'print's that I have added there give me nothing.
> > 
> > Thanks,
> > Darryl
> > 
> > _______________________________________________
> > Zope3-users mailing list
> > Zope3-users at zope.org
> > http://mail.zope.org/mailman/listinfo/zope3-users
> 
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users



More information about the Zope3-users mailing list