[Zope3-Users] Security declarations on OOBTreeItems
Marius Gedminas
marius at gedmin.as
Wed Mar 31 14:47:13 EDT 2010
On Thu, Apr 01, 2010 at 12:34:03AM +0900, hass wrote:
> I'm experiencing a problem with security declarations in OOBTreeItems.
> The following setting which used to worked with an older version of
> zope.security failed after upgrading to 3.7.2.
What version did you use before?
<...snip...>
> the error occurs in a view when I try to see if a filename is already in
> self.context.keys():
> ------------------
> File "pdfprofile/browser.py", line 151, in extractData
> if data['filename'] in self.context.keys():
> ForbiddenAttribute: ('__contains__', <OOBTreeItems object at 0xb71c7570>)
You could use
if data['filename'] in self.context:
instead, and avoid the OOBTreeItems completely.
> Now I believe I have correct declarations on the self.context. The
> problem only arises when I try to look inside the self.context.keys()
> which is a OOBTreeItems object.
>
> When I try to check the security declarations, I get an empty list
> meaning no declarations at all.
I don't think I remember zope.security (and zope.app.security before
that) ever declaring permissions for OOBTreeItems...
> >>from zope.security.proxy import getTestProxyItems
> >>getTestProxyItems(self.context.keys())
> >>[]
>
> Do I have to declare them myself? shouldn't these declarations come as
> default?
Good question. I don't see why not.
Regards,
Marius Gedminas
--
if (Match.FileMatch(F) == true && Fixed[F->ID] == false)
-- apt-pkg/policy.cc (apt 0.5.23)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://mail.zope.org/pipermail/zope3-users/attachments/20100331/2606d807/attachment.bin
More information about the Zope3-users
mailing list