[Zope-DB] Re: [egenix-users] Permission woes
charlie at egenix.com
Tue Apr 6 10:25:12 EDT 2004
sorry for our delay in replying to this. I'm also cc'ing it to the Zope-DB
list as it might be of interest to users there as well.
The reason is that the objects in question (DatabaseConnection objects
returned by the ZopeConnect object) do not define any security information
and Zope then restricts access by default.
There are three solutions to this:
1) the standard Zope approach
from Products.ZSELMethods.SQL import SQL
methodId = 'sqlListEmployees'
setattr(self, methodId, SQL(methodId, '', 'employeesDB', 'Select * FROM
which will work with any ZopeDA
2) adjusting security settings to allow PythonScripts to do this kind of
thing. As this isn't to be encouraged as it applies to all PythonScripts we
won't give the details here.
3) Use an external Method. This has the advantage of being much finer grained
conrtol than allowing all PythonScripts to do something but done properly is
nearly as flexible.
Create a file in ~/Extensions say ODBC_SQL.py
This is essentially needs only one function:
def callSQL(connectionObject, statement):
conn = connectionObject.database_connection()
Create an external method say SQL which points to callSQL in ODBC_SQL
You can then call this method from any PythonScript and simply pass it the
connection and statement you want to execute.
In your case the PythonScript needs only to be modified slightly, depending
on what you want to.
statement = """select [Building ID] from [Buildings]
where [Building Name] = ?""", building)
columns, results = context.SQL(container.crc_db, statement)
Hope that helps.
On 2004-03-31 at 17:52:11 [+0200], todd wrote:
> My configuration:
> Windows XP
> Zope 2.7.0
> I created an mxODBC Database Connection (called "crc_db") to an existing
> Access database. I created Z SQL Methods and sucessfully called them from a
> Python script. However, I can't get .execute() to work on a connection. Here
> is the code portion that's giving me problems:
> connection = container.crc_db.get_connection()
> building_rowset = connection.execute('select [Building ID] from [Buildings]
> where [Building Name] = ?', building)
> Whenever this code runs, a dialog box pops up in the web browser asking the
> user to log in. The dialog doesn't accept my Zope account (user todd).
> Escaping from the dialog produces this message:
> Error Type: Unauthorized
> Error Value: You are not allowed to access 'execute' in this context
> I tried giving the script the Manager and Owner proxy roles, but this didn't
> change the behavior. The script, the connection, and the containing folder
> belong to user todd.
Professional Python Services directly from the Source
>>> Python/Zope Consulting and Support ... http://www.egenix.com/
>>> mxODBC.Zope.Database.Adapter ... http://zope.egenix.com/
>>> mxODBC, mxDateTime, mxTextTools ... http://python.egenix.com/
::: Try mxODBC.Zope.DA for Windows,Linux,Solaris,FreeBSD for free ! ::::
More information about the Zope-DB