Re: [Zope-dev] Security validation issue
Hi > Herman Geldenhuys wrote: > > > I've written a Zope product that exposes a "MenuItem". I add a menuItem > > in a Zope folder, and I have no difficulty accessing and editing it via > > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically > > validates the security "manually". > > What do you mean by "manually"? By manually I mean that I have to do the validation myself. I have written a new protocol that plugs into the Zope application server. It's called OZE and I am about to release the source on sourceforge. Its an RPC-like protocol. But in a nutshell, I must do the security validation myself, because I bypass a few usual-Zope elements in the framework. I will gladly answer any other questions, but will this satisfy for now? H - Original Message - From: "Chris Withers" <[EMAIL PROTECTED]> To: "Herman Geldenhuys" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, January 30, 2004 10:48 AM Subject: Re: [Zope-dev] Security validation issue > Herman Geldenhuys wrote: > > > I've written a Zope product that exposes a "MenuItem". I add a menuItem > > in a Zope folder, and I have no difficulty accessing and editing it via > > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically > > validates the security "manually". > > What do you mean by "manually"? > > > This code works for any other default Zope type, but not mine. Did I > > perhaps forgot a permission or something? > > Did you do security declarations for that method? > > > I can access this fine via the ZMI, but when I validate it this way, > > python just starts cursing at me. > > Why are you doing you own validation? ;-) > > cheers, > > Chris > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security validation issue
Herman Geldenhuys wrote: I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". What do you mean by "manually"? This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something? Did you do security declarations for that method? I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me. Why are you doing you own validation? ;-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Security validation issue
I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". This menuItem has an attribute called "def getVersion(self):" which returns an int. This is the Code that prevents me from accessing the method in python, via my protocol: if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]): raise UnauthorisedAccessException('Unauthorised: ' + originalAddress) object = > This is the method getVersion attributes[-1] = "getVersion" (string) UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something? I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me. Can somebody help? Thanks H ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )