[Zope3-Users] Need help with a Five / Viewlet Configuration Problem
kevin gill
kevin at movieextras.ie
Thu Feb 19 05:47:35 EST 2009
I am getting a ForbiddenAttribute error on 'render' when I try to display
a viewlet in my Zope2 application.
I am running zope 2.11.2 + Five. I am currently working on integrating
grok + z3c.form into our stack.
I have security a problem configuring the
z3c.formjs.interfaces.IDynamicJavaScript viewlet.
The viewlet configuration (in z3c.formjs) seems standard...
<browser:viewlet
name="z3c.formjs.subscriptions"
manager=".interfaces.IDynamicJavaScript"
view="z3c.formjs.interfaces.IHaveJSSubscriptions"
class="z3c.formjs.jsevent.JSSubscriptionsViewlet"
permission="zope.Public"
layer="z3c.form.interfaces.IFormLayer"
/>
The viewlet is very standard.
When I run the system, the viewlet is wrapped using the
Products.Five.viewlet.metaconfigure functionality to provide a wrapped
viewlet.
However, when I run the application, I get this error...
Module zope.viewlet.manager, line 107, in update
Module zope.viewlet.manager, line 85, in filter
Module zope.security.checker, line 134, in canAccess
ForbiddenAttribute: ('render',
<Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet object at
0x84c0410>)
It appears to me that, at runtime, an incorrect 'checker' is being picked
up. I believe that I should be seeing a call to
Products/Five/security.py:checkPermission, but I believe I am picking up a
different checker.
I cannot seem to debug the checker, even though I set
security-policy-implementation python in the zope.conf.
Other (possibly) relevant information...
(Pdb) adapter.__class__
<class 'Products.Five.viewlet.metaconfigure.JSSubscriptionsViewlet'>
(Pdb) from Products.Five.security import getSecurityInfo
(Pdb) getSecurityInfo(adapter.__class__)
{'render__roles__': None, 'update__roles__': None, '__roles__': None,
'__ac_permissions__': ()}
(Pdb) from zope.security.management import thread_local
(Pdb) thread_local.interaction
<Products.Five.security.FiveSecurityPolicy object at 0x84c0650>
More information about the Zope3-users
mailing list