Re: [Zope-dev] skinscript and URL traversal question
Hi all, A solution has been found. woohoo. A not found error was produced with direct URL traversal. Steve Spicklemire sent this solution off list. The process is split into two steps: Do the query to 'load the object on traversal': WITH QUERY searchBy_Name(name=self.id) COMPUTE name Do the query to 'load the attributes needed for rendering a particular document': WITH QUERY searchByNameCheck(self.id) COMPUTE username,coupon_text,categorylist,categoryheader,expirationdate,status,couponterms During traversal AUTHENTICATED_USER is not yet defined, so it's no good trying to get to it. However, once authentication has happened (after Zope has sorted out what object you're after an imposed security on the object..) then it should be OK. Since the Storage tab uses 'name' to load the object, we can't access AUTHENTICATED_USER before loading 'name', but the other attributes are OK. -Aaron ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] skinscript and URL traversal question
At 09:41 AM 1/19/01 -0500, Aaron Payne wrote: >At 09:38 AM 1/19/01 -0500, Phillip J. Eby wrote: > >> >>Thus, your >> >>SkinScript is running as anonymous, and probably doesn't have rights to >> >>access the SQL method. >> >>You might need to change the proxy roles setting on >> >>the SkinScript method so that when the SkinScript runs it always has >> >>appropriate roles to do what it needs to do. >> > >> >I gave the skinscript trigger a proxy role of manager. Actually, I gave >> >all methods involved a proxy of manager. The same error was produced. >> >>What version of Zope are you using? > > >Zope version: Zope 2.2.1 >Platform: freebsd4 > Hmm. You've got me, then. Have you tried taking the Python Method out of the mix and using the SQL method directly, like this: WITH QUERY searchBy_Name(name=self.id) Also, have you tried running Zope with logging ("STUPID_LOG_FILE") enabled? What gets added to the log when you try to access the object via bobo_traverse? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] skinscript and URL traversal question
At 09:38 AM 1/19/01 -0500, Phillip J. Eby wrote: > >>This is probably a permissions issue. During __bobo_traverse__, the user > >>has not yet been authenticated, and is effectively anonymous. > > > >I was logged in as a manager. > >That would not make any difference. As I said, when __bobo_traverse__ is >called, nobody is "logged in", because Zope hasn't gotten around to >checking who you are yet. > > > >>Thus, your > >>SkinScript is running as anonymous, and probably doesn't have rights to > >>access the SQL method. > >>You might need to change the proxy roles setting on > >>the SkinScript method so that when the SkinScript runs it always has > >>appropriate roles to do what it needs to do. > > > >I gave the skinscript trigger a proxy role of manager. Actually, I gave > >all methods involved a proxy of manager. The same error was produced. > >What version of Zope are you using? Zope version: Zope 2.2.1 Platform: freebsd4 ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] skinscript and URL traversal question
At 09:05 AM 1/19/01 -0500, Aaron Payne wrote: >At 05:02 PM 1/18/01 -0500, Phillip J. Eby wrote: >>At 08:54 AM 1/18/01 -0500, Aaron Payne wrote: >> >Hi all, >> > >> >I originally posted this to the zope list and, upon suggestion, I am >> >reposting it to zope-dev. >> > >> >I'm using a zsql method in a skinscript with query ... compute ... and it >> >mostly works. Retrieving the dataskin with getItem() works. For example, >> >Cid is the id of the coupon dataskin. >> > >> > >> > >> >>This is probably a permissions issue. During __bobo_traverse__, the user >>has not yet been authenticated, and is effectively anonymous. > >I was logged in as a manager. That would not make any difference. As I said, when __bobo_traverse__ is called, nobody is "logged in", because Zope hasn't gotten around to checking who you are yet. >>Thus, your >>SkinScript is running as anonymous, and probably doesn't have rights to >>access the SQL method. >>You might need to change the proxy roles setting on >>the SkinScript method so that when the SkinScript runs it always has >>appropriate roles to do what it needs to do. > >I gave the skinscript trigger a proxy role of manager. Actually, I gave >all methods involved a proxy of manager. The same error was produced. What version of Zope are you using? ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] skinscript and URL traversal question
At 05:02 PM 1/18/01 -0500, Phillip J. Eby wrote: >At 08:54 AM 1/18/01 -0500, Aaron Payne wrote: > >Hi all, > > > >I originally posted this to the zope list and, upon suggestion, I am > >reposting it to zope-dev. > > > >I'm using a zsql method in a skinscript with query ... compute ... and it > >mostly works. Retrieving the dataskin with getItem() works. For example, > >Cid is the id of the coupon dataskin. > > > > > > > >This is probably a permissions issue. During __bobo_traverse__, the user >has not yet been authenticated, and is effectively anonymous. I was logged in as a manager. >Thus, your >SkinScript is running as anonymous, and probably doesn't have rights to >access the SQL method. >You might need to change the proxy roles setting on >the SkinScript method so that when the SkinScript runs it always has >appropriate roles to do what it needs to do. I gave the skinscript trigger a proxy role of manager. Actually, I gave all methods involved a proxy of manager. The same error was produced. >The reason it would work from in a DTML method, is that when a DTML method >runs, the user has already been authenticated, so the SkinScript runs with >the user's rights, and they have rights to call the SQL method. > >If you run Zope in debug mode and do this, you should probably see some >console output about an error in computing the WITH-COMPUTE statement when >you try to run it via bobo_traverse. It'll probably say the SQL method is >not found (because it doesn't have permissions to access it in that context). ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] skinscript and URL traversal question
At 08:54 AM 1/18/01 -0500, Aaron Payne wrote: >Hi all, > >I originally posted this to the zope list and, upon suggestion, I am >reposting it to zope-dev. > >I'm using a zsql method in a skinscript with query ... compute ... and it >mostly works. Retrieving the dataskin with getItem() works. For example, >Cid is the id of the coupon dataskin. > > > This is probably a permissions issue. During __bobo_traverse__, the user has not yet been authenticated, and is effectively anonymous. Thus, your SkinScript is running as anonymous, and probably doesn't have rights to access the SQL method. You might need to change the proxy roles setting on the SkinScript method so that when the SkinScript runs it always has appropriate roles to do what it needs to do. The reason it would work from in a DTML method, is that when a DTML method runs, the user has already been authenticated, so the SkinScript runs with the user's rights, and they have rights to call the SQL method. If you run Zope in debug mode and do this, you should probably see some console output about an error in computing the WITH-COMPUTE statement when you try to run it via bobo_traverse. It'll probably say the SQL method is not found (because it doesn't have permissions to access it in that context). ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] skinscript and URL traversal question
Hi all, I originally posted this to the zope list and, upon suggestion, I am reposting it to zope-dev. I'm using a zsql method in a skinscript with query ... compute ... and it mostly works. Retrieving the dataskin with getItem() works. For example, Cid is the id of the coupon dataskin. Trying to access the object directly through URL traversal fails. http://CouponSite/CouponManager/977931214.694/CouponDetails Where: CouponManager is a specialist 977931214.694 is the id of the coupon dataskin CouponDetails displays the coupon attributes with: It returns a not found error. The CouponManager specialist can't find the coupon 977931214.694. Any thoughts why this is so? SkinScript Trigger: WITH QUERY searchByNameCheck(self.id) COMPUTE name,username,coupon_text,categorylist,categoryheader,expirationdate,status,couponterms PythonMethod: searchByNameCheck self,name Cname=name result=self.searchBy_Name(name=Cname) #zsql method return result Error Type: NotFound Error Value: None Traceback (innermost last): File /usr/local/etc/Zope2d/lib/python/ZPublisher/Publish.py, line 222, in publish_module File /usr/local/etc/Zope2d/lib/python/ZPublisher/Publish.py, line 187, in publish File /usr/local/etc/Zope2d/lib/python/Zope/__init__.py, line 221, in zpublisher_exception_hook (Object: ProviderContainer) File /usr/local/etc/Zope2d/lib/python/ZPublisher/Publish.py, line 162, in publish File /usr/local/etc/Zope2d/lib/python/ZPublisher/BaseRequest.py, line 338, in traverse File /usr/local/etc/Zope2d/lib/python/Products/ZPatterns/Specialists.py, line 25, in __bobo_traverse__ (Object: ProviderContainer) NotFound: (see above) Zope version: Zope 2.2.1 (source release, python 1.5.2, linux2) System Platform: freebsd4 -thanks, Aaron ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )