[Zope3-Users] Security declarations on OOBTreeItems

Marius Gedminas marius at gedmin.as
Wed Mar 31 14:47:13 EDT 2010

On Thu, Apr 01, 2010 at 12:34:03AM +0900, hass wrote:
> I'm experiencing a problem with security declarations in OOBTreeItems.
> The following setting which used to worked with an older version of 
> zope.security failed after upgrading to 3.7.2.

What version did you use before?

> the error occurs in a view when I try to see if a filename is already in 
> self.context.keys():
> ------------------
>   File "pdfprofile/browser.py", line 151, in extractData
>     if data['filename'] in self.context.keys():
> ForbiddenAttribute: ('__contains__', <OOBTreeItems object at 0xb71c7570>)

You could use

      if data['filename'] in self.context:

instead, and avoid the OOBTreeItems completely.

> Now I believe I have correct declarations on the self.context. The 
> problem only arises when I try to look inside the self.context.keys() 
> which is a OOBTreeItems object.
> When I try to check the security declarations, I get an empty list 
> meaning no declarations at all.

I don't think I remember zope.security (and zope.app.security before
that) ever declaring permissions for OOBTreeItems...

>  >>from zope.security.proxy import getTestProxyItems
>  >>getTestProxyItems(self.context.keys())
>  >>[]
> Do I have to declare them myself? shouldn't these declarations come as 
> default?

Good question.  I don't see why not.

Marius Gedminas
if (Match.FileMatch(F) == true && Fixed[F->ID] == false)
	-- apt-pkg/policy.cc (apt 0.5.23)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://mail.zope.org/pipermail/zope3-users/attachments/20100331/2606d807/attachment.bin 

More information about the Zope3-users mailing list