Hello BlueBream List! I am new to Bluebream but I programmed in Python/Plone/Zope/ for some years. Thank you a lot for bringing up Zope3 to live again!
Currently I got a strange effect calling a view in my bluebream project. A) If I call it like this http://../engine/index it works without problems . B) If I call it like this http://../engine/@@index I got a stacktrace which ends in a forbiddenAttribute error. The view itself is trivial: class BookingEngineDefaultView(BrowserView): """Default view for a booking engine""" def update(self): import pdb; pdb.set_trace() Suppose the following Model zope-root -> engine -> Product where Product has an attribute "name". The view just uses a pagetemplate that does: <li tal:repeat="products context/values"> <a tal:attributes="href products/@@absolute_url" tal:content="python:products.name">Name</a> In Case B) the following stacktrace results: *Line 10, Column 6* *In expression: <PythonExpr (products.name)>* - Names: {'args': (), 'context': <inqbus.booking.engine.app.BookingEngine object at 0xa43ca2c>, 'default': <object object at 0xb7547680>, 'loop': {}, 'nothing': None, 'options': {}, 'repeat': {}, 'request': <zope.publisher.browser.BrowserRequest instance URL=http://127.0.0.1:8080/++skin++Booking/engine/@@index>, 'template': <z3c.ptcompat.ViewPageTemplateFile object at 0xa2bd96c>, 'view': <z3c.pagelet.zcml.BookingEngineDefaultView object at 0xa550d2c>, 'views': <zope.browserpage.viewpagetemplatefile.ViewMapper object at 0xa5c306c>} Module zope.tales.tales:*696* in |evaluate| <http://127.0.0.1:8080/++skin++Booking/engine/@@index#> |<< <http://127.0.0.1:8080/++skin++Booking/engine/@@index#> __traceback_supplement__ = ( TALESTracebackSupplement, self, expression) return expression(self) evaluateValue = evaluate||>> <http://127.0.0.1:8080/++skin++Booking/engine/@@index#>*return* expression*(*self*)*| (products.name) Module zope.tales.pythonexpr:*59* in |__call__| <http://127.0.0.1:8080/++skin++Booking/engine/@@index#> |<< <http://127.0.0.1:8080/++skin++Booking/engine/@@index#> __traceback_info__ = self.text vars = self._bind_used_names(econtext, __builtins__) return eval(self._code, vars) def __str__(self):||>> <http://127.0.0.1:8080/++skin++Booking/engine/@@index#>*return* eval*(*self*.*_code*,* vars*)*| Module ?:*1* in |<module>| <http://127.0.0.1:8080/++skin++Booking/engine/@@index#> *ForbiddenAttribute: ('name', <inqbus.booking.classes.product.Product object at 0xa35c5cc>)* I am wondering: * Why do the similiar URLs that lead to the same view (prooved by pdb) with the same principal (zope.Manager, prooved by pdb) lead to different results. * How could it be, that a forbiddenAttribute error is raised if I work as Zope.Manager that has a grantAll Permission. The effect is independed of the type of the view. I tried pagelet-Style and BrowserView-Style with the some outcome. My guess is, that the B) URL results in a more paranoid security checking than the A) URL. But if this is the case, is this behavior the correct one? Any hints welcome. In the appendix you find the relevant ZCML Best Regards Volker <!-- booking engine default view --> <browser:defaultView for="..interfaces.IBookingEngine" name="index" layer=".layer.IBookingBrowserLayer" /> <!-- booking engine default view --> <z3c:pagelet for="..interfaces.IBookingEngine" name="index" permission="zope.ManageContent" layer=".layer.IBookingBrowserLayer" class=".views.BookingEngineDefaultView" /> <!-- template for booking engine default view --> <z3c:template template="frontpage.pt" for=".views.BookingEngineDefaultView" layer=".layer.IBookingBrowserLayer" /> <!-- menu item for booking engine default view --> <browser:viewlet name="View booking engine" viewURL="@@index" for="zope.app.component.interfaces.ISite" manager=".skin.INavigationMenu" class="z3c.menu.simple.menu.GlobalMenuItem" layer=".layer.IBookingBrowserLayer" permission="zope.ManageContent" weight="1" /> -- ==================================================== inqbus it-consulting +49 ( 341 ) 5643800 Dr. Volker Jaenisch http://www.inqbus.de Herloßsohnstr. 12 0 4 1 5 5 Leipzig N O T - F Ä L L E +49 ( 170 ) 3113748 ==================================================== _______________________________________________ bluebream mailing list [email protected] https://mail.zope.org/mailman/listinfo/bluebream
