[Grok-dev] megrok.kss ForbiddenAttribute error after updating to 0.14.1

Uli Fouquet uli at gnufix.de
Sun Dec 14 21:18:26 EST 2008 

Hi there,

Douglas Cerna wrote:

> I've upgraded to grok 0.14.1 after the security warning, but now my application, which uses megrok.kss stop working (traceback below). If I change to 0.14 the application works.
> 
> I also tested the "Adding AJAX to Grok with KSS" tutorial and got the same error. I suppose it's a problem with the megrok.kss package, right? What can be done about it?
> 
> Thanks, Douglas.
> 
> 2008-12-14T17:34:57 ERROR SiteError http://localhost:8080/app/index/@@welcome
> Traceback (most recent call last):
>   File "/home/elbixio/.buildout/eggs/zope.publisher-3.4.6-py2.4.egg/zope/publisher/publish.py", line 130, in publish
>     obj = request.traverse(obj)
>   File "/home/elbixio/.buildout/eggs/zope.publisher-3.4.6-py2.4.egg/zope/publisher/browser.py", line 527, in traverse
>     ob, add_steps = publication.getDefaultTraversal(self, ob)
>   File "/home/elbixio/.buildout/eggs/grok-0.14.1-py2.4.egg/grok/publication.py", line 62, in getDefaultTraversal
>     obj, path = super(GrokBrowserPublication, self).getDefaultTraversal(
>   File "/home/elbixio/.buildout/eggs/zope.app.publication-3.4.3-py2.4.egg/zope/app/publication/browser.py", line 66, in getDefaultTraversal
>     return ob.browserDefault(request)
> ForbiddenAttribute: ('browserDefault', <megrok.kss.meta.AppKSS object at 0xb4b634ac>)

Right, unfortunately this is a result of the 0.14.1 security changes.
This means, that probably also 0.13, 0.12.1, 0.12, 0.11.1 and 0.11 are
affected.

As a quick'n'dirty workaround for the tutorial example I would guess,
that it would help, if you derive your `KSS` instances also from
`grok.View`. So::

  class AppKSS(KSS):
    grok.view(Index)
    ...

would become

  class AppKSS(KSS, grok.View):
    grok.view(Index)
    ...

I know too little about megrok.kss to seriously estimate the
side-effects, but if you have grok instances publicly running, this one
might be better than using 0.14.

The real solution would possibly be eighter to set correct attribute
permissions in `megrok.kss`s configuration or to derive `KSS` itself
also from `grok.View`. Both had to be done in the `megrok.kss` package
itself.

There might also be a better solution.

Best regards,

-- 
Uli

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://mail.zope.org/pipermail/grok-dev/attachments/20081215/e10b2d3d/attachment-0001.bin

More information about the Grok-dev mailing list