Hi,<br>here is what I have understood in zope3 security policy:<br><br><div class="gmail_quote">On Mon, Feb 21, 2011 at 1:28 PM, Michael Seifert <span dir="ltr"><<a href="mailto:michael.seifert@gmx.net">michael.seifert@gmx.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="im">-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
</div>Am 04.02.2011 17:04, schrieb Thierry Florac:<br>
<div><div></div><div class="h5">> Hi,<br>
><br>
><br>
> Le vendredi 4 février 2011,<br>
> Michael Seifert <<a href="mailto:michael.seifert@gmx.net">michael.seifert@gmx.net</a>> a écrit :<br>
> ======================================================================<br>
>> Hello everyone,<br>
><br>
>> I recently started a Zope3 project, but I am stuck at the very<br>
>> beginning. Although I have some experience with Zope2, the more<br>
>> flexible approach to developing web applications was giving me a<br>
>> really hard start. Let me point out my situation:<br>
>> I created a container hierarchy which is stored in ZODB. Say I have a<br>
>> set of object types A, B, C, D, whose relationships look like the<br>
>> following (edges represent containment, i.e. A contains B,... where B<br>
>> and D are in subcontainers of A):<br>
><br>
>> A<br>
>> / \<br>
>> B D<br>
>> |<br>
>> C<br>
><br>
>> C has an attribute referencing an object of type D. As this attribute<br>
>> is mandatory on creation, I created a vocabulary, which ascends the<br>
>> hierarchy from the current context until it reaches A and returns all<br>
>> objects of type D.<br>
>> Now the part that doesn't work:<br>
>> While ascending from C to B and from B to A works fine, descending<br>
>> from A to D returns a security proxied object and since these objects<br>
>> cannot be pickled, I cannot store it's reference in the attribute of<br>
>> C.<br>
><br>
>> 1. Is this the way it's meant to be done? :) What is your opinion of<br>
>> storing B and D objects in subcontainers of A?<br>
><br>
> That shouldn't be a problem, it's not different when you use a "basic"<br>
> folder-like container which, internally, stores sub-objects in an<br>
> internal b-tree container ; the only difference here is that you own<br>
> two internal containment attributes.<br>
><br>
><br>
>> 2. Are there any means to turn the vocabulary into trusted code, so it<br>
>> will not be encapsulated in a proxy (without deactivating the security<br>
>> proxy)?<br>
><br>
> Perhaps can you use the "removeSecurityProxy" function ?<br>
><br>
><br>
>> 3. How do you reference objects like you do with foreign keys in<br>
>> relational databases? I want to do this to prevent objects from being<br>
>> saved multiple times.<br>
><br>
> If the targetted object is persistent (and so a subclass of<br>
> "Persistent" class), it should be stored only once in the database<br>
> (just try to alter properties of an object and check if the other one<br>
> is also modified or not to check !)<br>
> Another way I commonly use to store references is to store only an<br>
> IIntIds utility reference, which is an integer ; the benefit of this<br>
> is that this value can easilly be indexed.<br>
><br>
> Regards,<br>
> Thierry<br>
<br>
</div></div>Thanks Thierry, your answer helped a lot.<br>
<br>
I solved the issue with:<br>
from zope.security.proxy import removeSecurityProxy<br>
def vocab(context):<br>
...<br>
return SimpleVocabulary.fromValues([removeSecurityProxy(elem) for elem<br>
in context.values()]))<br>
<br>
<br>
Still, I have some questions regarding the security.<br>
<br>
1.<br>
When creating the vocabulary with<br>
return SimpleVocabulary.fromValues([elem.someFunc() for elem in<br>
context.values()]))<br>
I noticed that elem in context.values() are not proxied yet, so the<br>
actual wrapping must take place before the values are passed to the ZMI.<br>
How does calling the removeSecurityProxy function prevent the objects<br>
from being wrapped, since the wrapping takes place AFTER the function call?<br>
(I had a look at the sources, but the implementation resides in<br>
zope.security._proxy which is a binary .so file)<br>
<br>
<br></blockquote><div><br>The removeSecurityProxy does not prevent the object from being proxied: it allows the storage of the object in an attribute without its proxy.<br>The original object will always be proxied.<br> <br>
</div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
2.<br>
The vocabularies are registered as utilities in the .zcml file(s).<br>
Since access to objects from these vocabularies is not checked by a<br>
security proxy: Is it therefore possible that any user can access the<br>
vocabulary data?<br>
If so, is there a way to restrict access to the utility vocabularies?<br>
<br></blockquote><div><br>You can use the utility permission attribute.<br><br> <br></div><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Regards,<br>
Michael<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.17 (GNU/Linux)<br>
<div class="im">Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/" target="_blank">http://enigmail.mozdev.org/</a><br>
<br>
</div>iEYEARECAAYFAk1iWlAACgkQnzX+Jf4GTUxO2gCeIoKh8l+6QaGsDo07WKUT2Y94<br>
BDQAn16rtkPVIIPo5N8a2K7A/SsOdoQU<br>
=dHUQ<br>
<div><div></div><div class="h5">-----END PGP SIGNATURE-----<br>
_______________________________________________<br>
Zope3-users mailing list<br>
<a href="mailto:Zope3-users@zope.org">Zope3-users@zope.org</a><br>
<a href="https://mail.zope.org/mailman/listinfo/zope3-users" target="_blank">https://mail.zope.org/mailman/listinfo/zope3-users</a><br>
</div></div></blockquote></div><br>Regards,<br>Simon<br>