[Zope3-Users] Where unauthorized is raised?

Roger Ineichen dev at projekt01.ch
Fri Jul 21 06:55:13 EDT 2006


Hi Darryl

> Hi,
> 
> def __init__ ...
>   self.context = self.__parent__ = context
> 
> That's what I was missing in the adapter. Can I clarify this?
> 
> The adapter is adapting an object (`self.context=context` in 
> `__init__`).
> The field is getting an attribute from the security-proxied adapter.
> The permission is found on the adapter ('tfws.view') and the 
> principal has this permission in the context, **but**; not on 
> the adapter because the adapter has no 'location'. Only when 
> I gave it a location with `self.__parent__` was the 
> principal's possesion of the permission recognised as 
> applying also to the adapter.
> 
> Baiju:  Probably one for your faq? Pester me.
> 
> Likely be it, that somewhere is text that would have informed 
> me. Damned if I could find it though. Excuse the noise.

You can use in the adapter directive the locate attribute and perhaps
a trusted attribute like:

<adapter
    name="photo_or_somthing"
    factory="theFactory"
    locate="True"
    trusted="True"
    />

The attribute locate will proxy your adapter with a LocationProxy

The trusted attribute will make sure that the security proxy get 
wrapped outside the adapter, which means that you have trusted 
access to yur adapters method but every thing which is returned
from this methods get proxied. If a adapter is not trusted,
the method of the adapter itself get security proxied.




> Cheers.
> Darryl
> 
> PS:
> 
> Where is that Unauthorized raised?
> 
> # grep -R Unauthorized /usr/lib/python2.4/site-packages/zope/ 
> | grep raise | uniq ...
> /usr/lib/python2.4/site-packages/zope/security/checker.py: 
> raise Unauthorized(object, name, permission) ...
> 
> That's the only one that matches, but I don't believe that is 
> it. Maybe then in a .so? Curious.
> 
> Darryl.
> 
> 
> On Fri, 2006-07-21 at 20:26 +1200, Darryl Cousins wrote:
> > Hi,
> > 
> > An update on this.
> > 
> > When I change the permission on IMemberEditForm to zope.Public or 
> > zope.View then the form is displayed. Which is why I want 
> to find the 
> > permission checker. The principal can view other objects 
> protected by 
> > tfws.view but not this one.
> > 
> > If I can find where the permission is being checked then perhaps I 
> > will find out why my principal is not passing the security 
> checker and 
> > how I can fix it.
> > 
> > Sorry if I'm getting hysterical.
> > 
> > Regards,
> > Darryl
> > 
> > On Fri, 2006-07-21 at 19:33 +1200, Darryl Cousins wrote:
> > > Hi All,
> > > 
> > > I'm having a permissions problem with a formlib form and 
> an adapter. 
> > > 
> > > I have put the following in zope/schema/_bootstrapfields.py
> > > 
> > > class Field ...
> > > 
> > >     def get(self, object):
> > >         try:
> > >             getattr(object, self.__name__)
> > >         except:
> > >             import sys
> > >             print sys.exc_type, sys.exc_value
> > >         return getattr(object, self.__name__)
> > > 
> > > the print I get is:
> > > 
> > >     zope.security.interfaces.Unauthorized
> > > (<tfws.portal.member.adapters.MemberEditFormForMember object at
> > > 0xb5b5bc8c>, 'clear_photo', 'tfws.view')
> > > 
> > > What I need to know is where is this Unauthorized being raised to 
> > > debug further (as my principal indeed has the permission 
> tfws.view). 
> > > I need to pinpoint why.
> > > 
> > > the only raise I can find that matches is in 
> zope/security/checker 
> > > but 'print's that I have added there give me nothing.
> > > 
> > > Thanks,
> > > Darryl
> > > 
> > > _______________________________________________
> > > Zope3-users mailing list
> > > Zope3-users at zope.org
> > > http://mail.zope.org/mailman/listinfo/zope3-users
> > 
> > _______________________________________________
> > Zope3-users mailing list
> > Zope3-users at zope.org
> > http://mail.zope.org/mailman/listinfo/zope3-users
> 
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users
> 



More information about the Zope3-users mailing list