[Zope-dev] Reporting X-FORWARDED-FOR into the log ( REMOTE_ADDR )
I have a Zope server behind a proxy server, this proxy enables de X-FORWARDED-FROM that contains the real ip of the client that is connected. I want to log this variable but I cannot find the way to do it. Can anyone to help me? Thanks. __ Yahoo! lanza su nueva tecnología de búsquedas ¿te atreves a comparar? http://busquedas.yahoo.es ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
Local roles are "acquired" from ancestors. While this is not bad for e.g. a "Manager" local role, its conceptual usefulness is in great doubt for e.g. the "Owner" role. It is very unclear why an "Owner" of a folder should automatically be an "Owner" of all its content. I therefore propose to make "acquisition" of local roles customizable. I see two potential variants: 1. objects get a boolean flag "__ac_acquire_local_roles__" with default value "True" which allows "acquisition" of all local roles. 2. objects get a dictionary "__ac_acquire_local_roles__" mapping role names to a boolean which allows acquisition for the respective role. Of course, the second variant provides more fine grained control and will require a more complex UI. The change would affect the methods "allowed" and "getRolesInContext". of "AccessControl.User.BasicUser" and would require new methods in "AccessControl.Role.RoleManager" to read and modify the new "__ac_acquire_local_roles__". Moreover, I propose to change the local role management pages. When setting local roles, information about "acquired" local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I even would prefer a much more drastic change for both local role management and permission-role-map management: a compact look only overview mapping roles to users and permission to roles, respectively, with links to a page to edit the association of a single role or permission, respectively. Something like: Role| acquire | locally assigned users| ancestor assigned users - Owner | no | dieter| admin, dieter - Manager | yes| dieter| admin - The "Role" column is a link to a page to edit "acquire" and "locally assigned users" for the respective role. Advantages: * more natural behaviour for roles like "Owner" * access restricted sub-sites would be much easier to implement * more informative management pages Risks: * Classes deriving from "AccessControl.BasicUser" may have overridden "allowed" and "getRolesInContext". Such overridden methods would not interpret "__ac_acquire_local_roles__" until adapted. Fortunately, it is not very likely that these two methods are overridden. * Local roles get a bit more complex. However, explicit "acquisition" control is already used for the permission role mapping. Thus, users could recognize the same concept. * The 2.8/2.9 edition of the Zope Book would need to be adapted. If there is interest, I could implement the changes and provide patches against the Zope SVN version. However, I do not have write permissions to the repository. This means, someone else would need to make the actual checkins. BTW: Almost surely, I will implement the proposed change in our "private" Zope copy and use it in one of our projects. This means, I could provide "production experience" for the change in some months. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
I would very much apreciate such an enhancment. so ++1 I would like to see where a role was assigned. And If I can express yet an other wish: I would very much like to have a way to see what the settings for a particular User is. And where the settings for a given permissions have come from. Robert Dieter Maurer wrote: Local roles are "acquired" from ancestors. While this is not bad for e.g. a "Manager" local role, its conceptual usefulness is in great doubt for e.g. the "Owner" role. It is very unclear why an "Owner" of a folder should automatically be an "Owner" of all its content. I therefore propose to make "acquisition" of local roles customizable. I see two potential variants: 1. objects get a boolean flag "__ac_acquire_local_roles__" with default value "True" which allows "acquisition" of all local roles. 2. objects get a dictionary "__ac_acquire_local_roles__" mapping role names to a boolean which allows acquisition for the respective role. Of course, the second variant provides more fine grained control and will require a more complex UI. The change would affect the methods "allowed" and "getRolesInContext". of "AccessControl.User.BasicUser" and would require new methods in "AccessControl.Role.RoleManager" to read and modify the new "__ac_acquire_local_roles__". Moreover, I propose to change the local role management pages. When setting local roles, information about "acquired" local role definitions is very helpful. I therefore propose to display this information on the local role edit page. I even would prefer a much more drastic change for both local role management and permission-role-map management: a compact look only overview mapping roles to users and permission to roles, respectively, with links to a page to edit the association of a single role or permission, respectively. Something like: Role| acquire | locally assigned users| ancestor assigned users - Owner | no | dieter| admin, dieter - Manager | yes| dieter| admin - The "Role" column is a link to a page to edit "acquire" and "locally assigned users" for the respective role. Advantages: * more natural behaviour for roles like "Owner" * access restricted sub-sites would be much easier to implement * more informative management pages Risks: * Classes deriving from "AccessControl.BasicUser" may have overridden "allowed" and "getRolesInContext". Such overridden methods would not interpret "__ac_acquire_local_roles__" until adapted. Fortunately, it is not very likely that these two methods are overridden. * Local roles get a bit more complex. However, explicit "acquisition" control is already used for the permission role mapping. Thus, users could recognize the same concept. * The 2.8/2.9 edition of the Zope Book would need to be adapted. If there is interest, I could implement the changes and provide patches against the Zope SVN version. However, I do not have write permissions to the repository. This means, someone else would need to make the actual checkins. BTW: Almost surely, I will implement the proposed change in our "private" Zope copy and use it in one of our projects. This means, I could provide "production experience" for the change in some months. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Hi all, On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently seeing this.. 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state for 16ad Traceback (most recent call last): File "/usr/local/zope/zope271/lib/python/ZODB/Connection.py", line 559, in setstate p, serial = self._storage.load(oid, self._version) File "/usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py", line 755, in load self._cache.store(oid, p, s, v, pv, sv) File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", line 601, in store self._store(oid, p, s, version, pv, sv) File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", line 631, in _store f.seek(self._pos) AttributeError: 'NoneType' object has no attribute 'seek' It's intermittent at first, then back-to-back. Following thread leads me to look for memory shortage. But I'd expect a different message in that case. http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html This thread seems to suggest such messages (in different context) can be ignored. But I can't do that. This is a symptom of a bigger problem. http://mail.zope.org/pipermail/zope/2001-August/097300.html Has anyone seen this in these circumstances? --r. — Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Making a ZSQL.DA fully multi-threaded?
Chris Withers wrote at 2004-7-21 16:44 +0100: >Brad Clements wrote: I have set the SAPDB timeout to 32400 seconds. >>> >>>Unless you have an extremely heavily loaded Zope, that's too low, and may >>>be causing you problems... >> >> That is the maximum allowed value in dbmgui. > >My point is that unless you implement a connection pool model independent of >Zope's threading, you WILL run into problems if you have ANY kind of timeout >where the DA isn't smnart enough to reconnect connections that have closed... All DA's I saw up to now, do a reconnect. But this is *WRONG" -- as part of a transaction may have been lost. After "reconnecting", they should raise an exception derived from "ConflictError" and let the complete request retry. -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
I have seen this as well but I haven't been able to pin it down. On Thu, 2004-07-22 at 16:16, Russ Ferriday wrote: > Hi all, > > On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently > seeingthis.. > 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state > for16ad > Traceback (most recent call last): > File "/usr/local/zope/zope271/lib/python/ZODB/Connection.py", > line559, in setstate > p, serial = self._storage.load(oid, self._version) > File "/usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py", > line755, in load > self._cache.store(oid, p, s, v, pv, sv) > File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", > line601, in store > self._store(oid, p, s, version, pv, sv) > File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", > line631, in _store > f.seek(self._pos) > AttributeError: 'NoneType' object has no attribute 'seek' > > It's intermittent at first, then back-to-back. > > Following thread leads me to look for memory shortage. But I'd expecta > different message in that case. > http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html > > This thread seems to suggest such messages (in different context) > canbe ignored. But I can't do that. This is a symptom of a bigger > problem. > http://mail.zope.org/pipermail/zope/2001-August/097300.html > > Has anyone seen this in these circumstances? > --r. > > > > > â > Russ Ferriday > Solution Workshops for Plone > (+44) (0) 7789 338868 > http://www.solutionworkshops.com > > __ > ___ > Zope-Dev maillist - [EMAIL PROTECTED] > http://mail.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - > http://mail.zope.org/mailman/listinfo/zope-announce > http://mail.zope.org/mailman/listinfo/zope ) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
Thanks, Chris. We're fronting two Zopes with Pound for load balancing. I can't see there would be any connection with this error. But I mention it in case there's a pattern. Also, the database came from 2.7.0 and an earlier python. This looks like resource starvation to me. The servers run for an hour or two this problems shows up, becoming worse for a while, then we need a restart. I'm try to debug it tomorrow. What would you look for? Any tips for resource monitoring? --r. On 22 Jul 2004, at 21:49, Chris McDonough wrote: I have seen this as well but I haven't been able to pin it down. On Thu, 2004-07-22 at 16:16, Russ Ferriday wrote: Hi all, On OSX 10.3 (Pahter), Python 2.3.4, Zope 2.7.1, I'm frequently seeingthis.. 2004-07-22T14:00:24 ERROR(200) ZODB Couldn't load state for16ad Traceback (most recent call last): File "/usr/local/zope/zope271/lib/python/ZODB/Connection.py", line559, in setstate p, serial = self._storage.load(oid, self._version) File "/usr/local/zope/zope271/lib/python/ZEO/ClientStorage.py", line755, in load self._cache.store(oid, p, s, v, pv, sv) File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", line601, in store self._store(oid, p, s, version, pv, sv) File "/usr/local/zope/zope271/lib/python/ZEO/ClientCache.py", line631, in _store f.seek(self._pos) AttributeError: 'NoneType' object has no attribute 'seek' It's intermittent at first, then back-to-back. Following thread leads me to look for memory shortage. But I'd expecta different message in that case. http://www.mail-archive.com/[EMAIL PROTECTED]/msg15039.html This thread seems to suggest such messages (in different context) canbe ignored. But I can't do that. This is a symptom of a bigger problem. http://mail.zope.org/pipermail/zope/2001-August/097300.html Has anyone seen this in these circumstances? --r. — Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com __ ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope ) — Russ Ferriday Solution Workshops for Plone (+44) (0) 7789 338868 http://www.solutionworkshops.com ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
On Thu, 2004-07-22 at 18:51, Russ Ferriday wrote: > Thanks, Chris. > We're fronting two Zopes with Pound for load balancing. I can't > seethere would be any connection with this error. But I mention it > incase there's a pattern. Well, I am too in this particular case, but I doubt the frontend matters too much here. > Also, the database came from 2.7.0 and an earlier python. FTR that's also the case for me as well, but again I don't think that matters here. > This lookslike resource starvation to me. The servers run for an hour > or twothis problems shows up, becoming worse for a while, then we need > arestart. I think the problem is related to ZEO client storage "cache flips". I found an error in the log near the time of the "None has no attribute seek" symptom indicating that the Zope process tried to "flip" a ZEO cache file (by creating a new file) but UNIX file system permissions apparently prevented it. But then I turned off persistent ZEO client cachefile storage (but omitting the "zeo-client-name" parameter from zope.conf), believing this would be a workaround, but it hasn't been. I gave up at that point and that's where I am now. > I'm try to debug it tomorrow. What would you look for? Any tips > forresource monitoring? I think it's resource-related only tangentially; it's a genuine bug that only happens intermittently. My theory is that it will happen as often as a Zope client's ZEO client storage needs to flip its cache file. The cache file is only flipped when it exceeds a certain size and it only exceeds a certain size after a certain pattern of usage causes it to do so (lots of loads from the database of new items, typically). It would be nice if you could confirm this. Reading the Zope event log file of the client that generated the error would be a good start. - C ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: Re: [Zope-dev] ERROR(200) ZODB Couldn't load state for... Memory problem?
[Chris McDonough] > ... > I think the problem is related to ZEO client storage "cache flips". Me too. The 3.2 ZEO cache alternates between two cache files, in the two-element list self._f. Both elements are initialized to None, and the index of the current file in use (0 or 1) is in self._current. There's an implicit assumption throughout the code that self._f[self._current] is always an actual file object, but the "flip logic" is excruciating and that global invariant certainly isn't self-evident. > I found an error in the log near the time of the "None has no attribute > seek" symptom indicating that the Zope process tried to "flip" a ZEO > cache file (by creating a new file) but UNIX file system permissions > apparently prevented it. This was a traceback ending somewhere in ClientCache.checkSize()? That's where a cache flip happens. It changes its idea of self._current (from 0 to 1 or from 1 to 0) *before* making sure there's an actual file object in "the other" self._f slot. So, e.g., if self._f started life as [good_file_object, None] and self._current started at 0, and it came time for a cache flip, and a new file object couldn't be created in self._f[1], self._current would end up as 1 anyway, pointing to None. But this code gives me a headache, and I'm not sure that can actually happen (despite that I hear you guys saying it is ). > But then I turned off persistent ZEO client cachefile storage (but omitting > the "zeo-client-name" parameter from zope.conf), believing this would be a > workaround, but it hasn't been. I gave up at that point and that's where I am now. Did you continue to get errors in the log near cache-flip times? I don't see a way for checkSize() to screw up unless an unexpected exception is raised. > ... > My theory is that it will happen as often as a Zope client's ZEO client storage > needs to flip its cache file. The cache file is only flipped when it exceeds a > certain size and it only exceeds a certain size after a certain pattern of usage > causes it to do so (lots of loads from the database of new items, typically). It appears that once self._f[self._current] is None, all future attempts by ZEO to store into its client cache will fail the same way. So I'd be even more surprised if you saw just one of these occur. > It would be nice if you could confirm this. Reading the Zope event log > file of the client that generated the error would be a good start. The log is everything here. The ZEO client cache logs most relevant messages at info level, producing msgs starting with "ZEC". ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
I agree with you, technically it is not in line with Dieter's proposal. But locically. Whenever I come accross one I have to deal with the other. And I never said, that we have to add all the information to one single table.. As you said, it is not really hard to write the code for a task as I propoaed. It is the fact that there is no easy way to get at this (badly needed) information that is anoying. Robert Andreas Jung wrote: --On Donnerstag, 22. Juli 2004 21:35 Uhr +0200 robert rottermann <[EMAIL PROTECTED]> wrote: I would like to see where a role was assigned. And If I can express yet an other wish: I would very much like to have a way to see what the settings for a particular User is. And where the settings for a given permissions have come from. Your problem is mainly a problem of visualization. and at least not directly related to Dieters proposal. For a project I wrote a UI where you can see for a given object in the ZODB hierarchy which permission/role settings are defined above in the tree and which subobjects override the settings. The code for doing this is not really a problem. The problem is how to put these informations in a UI. Given the nature of the problem one would really need a 3D display..maybe 4D :-) Andreas Jung zopyx.com - Software Development and Consulting Andreas Jung ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] [Zope Enhancement Proposal] Sanitizing local roles
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, 23 Jul 2004 03:30 am, Dieter Maurer wrote: > Moreover, I propose to change the local role management pages. > When setting local roles, information about "acquired" > local role definitions is very helpful. > I therefore propose to display this information on the local > role edit page. I have implemented a "security information" page that details this and more info. I've always found the default security edit pages to be less than useful since they inherently use acquisition, but don't tell you what would be or is currently acquired. The code is attached. We mix it in with every object. A sample output is also attached. I have found it invaluable when debugging permissions problems. Would this be a useful thing to add to 2.8? Richard -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBAKsMrGisBEHG6TARAiwuAJ9n7wLGWzhDa7kGyr/5q8zwi3SV0QCfXX1f JAcHE9s71y9N/4oyNgRiRg4= =ATJ2 -END PGP SIGNATURE- ManageViewAccess.py Description: application/python Access permissions dump Valid Roles: User Defined Roles: Local Roles: At ObjectLocal Roles Defined '.join(['%s: %s'%(i[0], ', '.join(i[1])) for i in _['sequence-item']])"> Permission Usage: PermissionAssigned To &dtml-sequence-key; &dtml-perm; from &dtml-from; Permission Settings: PermissionHas Roles Assigned '.join([', '.join(d['roles']) + ' from %(from)s'%d for d in _['sequence-item']])"> Title: CGPublisher › Zope › CGPublisher › publishers › 1 (Jane's Books) › products › 2 (Jane's test book 2) › details Jane's Books Works About Security Messages People Products Orders Work Templates Web Space Product Information · Availability · Subject · Book Information · Cover Images Access permissions dump Valid Roles: Actioner, Anonymous, Authenticated, Contributor, Creator, Manager, Owner, Publisher, System RPC, Visitor User Defined Roles: Local Roles: At ObjectLocal Roles Defined details 2 products admin: Owner 1 2: Publisher publishers admin: Owner CGPublisher admin: Owner Permission Usage: PermissionAssigned To DELETE Delete objects from webdav.Resource.Resource HEAD View from webdav.Resource.Resource LOCK WebDAV Lock items from webdav.Resource.Resource PROPFIND WebDAV access from webdav.Resource.Resource PROPPATCH Manage properties from webdav.Resource.Resource UNLOCK WebDAV Unlock items from webdav.Resource.Resource ac_inherited_permissions Change permissions from AccessControl.Role.RoleManager acquiredRolesAreUsedBy Change permissions from AccessControl.Role.RoleManager addStorageData Manage properties from Products.CGPublisher.storage.Storage.Storage addStorageDataForm Manage properties from Products.CGPublisher.storage.Storage.Storage asCGXML View public storage metadata from Products.CGPublisher.storage.Storage.Storage countRepetitions Access contents information from Products.CGPublisher.storage.Storage.Storage dummy_public View public storage metadata from Products.CGPublisher.storage.Storage.Storage dummy_shared View shared storage metadata from Products.CGPublisher.storage.Storage.Storage dump View private storage metadata from Products.CGPublisher.storage.Storage.Storage editPane View from Products.CGPublisher.storage.Storage.Storage editPaneHelper View from Products.CGPublisher.storage.Storage.Storage genericSchemaForm View from Products.CGPublisher.storage.Storage.Storage getAttribute Access contents information from OFS.ZDOM.Element getAttributeNode Access contents information from OFS.ZDOM.Element getAttributes Access contents information from OFS.ZDOM.Node getChildNodes Access contents information from OFS.ZDOM.Node getElementsByTagName Access contents information from OFS.ZDOM.Element getFirstChild Access contents information from OFS.ZDOM.Node getLastChild Access contents information from OFS.ZDOM.Node getNextSibling Access contents information from OFS.ZDOM.Node getNodeName Access contents information from OFS.ZDOM.Node getNodeValue Access contents information from OFS.ZDOM.Node getOntology Access contents information from Products.Ontology.UsesOntology.UsesOntology getOntologyRealm Access contents information from Products.Ontology.UsesOntology.UsesOntology getOwnerDocument Access contents information from OFS.ZDOM.Node getParentNode Access contents information from OFS.ZDOM.Node getPreviousSibling Access contents information from OFS.ZDOM.Node getSchemasForPaneSelect View from Products.CGPublisher.storage