Re: [Zope-dev] Security validation issue
Hi > Herman Geldenhuys wrote: > > > I've written a Zope product that exposes a "MenuItem". I add a menuItem > > in a Zope folder, and I have no difficulty accessing and editing it via > > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically > > validates the security "manually". > > What do you mean by "manually"? By manually I mean that I have to do the validation myself. I have written a new protocol that plugs into the Zope application server. It's called OZE and I am about to release the source on sourceforge. Its an RPC-like protocol. But in a nutshell, I must do the security validation myself, because I bypass a few usual-Zope elements in the framework. I will gladly answer any other questions, but will this satisfy for now? H - Original Message - From: "Chris Withers" <[EMAIL PROTECTED]> To: "Herman Geldenhuys" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, January 30, 2004 10:48 AM Subject: Re: [Zope-dev] Security validation issue > Herman Geldenhuys wrote: > > > I've written a Zope product that exposes a "MenuItem". I add a menuItem > > in a Zope folder, and I have no difficulty accessing and editing it via > > the ZMI. I've written an xml-rpc-like protocol for Zope, that basically > > validates the security "manually". > > What do you mean by "manually"? > > > This code works for any other default Zope type, but not mine. Did I > > perhaps forgot a permission or something? > > Did you do security declarations for that method? > > > I can access this fine via the ZMI, but when I validate it this way, > > python just starts cursing at me. > > Why are you doing you own validation? ;-) > > cheers, > > Chris > ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] Security validation issue
Herman Geldenhuys wrote: I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". What do you mean by "manually"? This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something? Did you do security declarations for that method? I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me. Why are you doing you own validation? ;-) cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
[Zope-dev] Security validation issue
I've written a Zope product that exposes a
"MenuItem". I add a menuItem in a Zope folder, and I have no difficulty
accessing and editing it via the ZMI. I've written an xml-rpc-like protocol
for Zope, that basically validates the security "manually".
This menuItem has an attribute called "def
getVersion(self):" which returns an int.
This is the Code that prevents me from accessing
the method in python, via my protocol:
if not
AccessControl.getSecurityManager().validate(None, object,
attributes[-1]):
raise UnauthorisedAccessException('Unauthorised: ' +
originalAddress)
object = >
This is the method getVersion
attributes[-1] =
"getVersion" (string)
UnauthorisedAccessException: Unauthorised:
menus.administration.addUser.getVersion
This code works for any other default Zope type,
but not mine. Did I perhaps forgot a permission or something?
I can access this fine via the ZMI, but when I
validate it this way, python just starts cursing at me.
Can somebody help?
Thanks
H
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
