[Zope-dev] hmmm.. weird permission issues with getPersistentItemIDs()...

Steve Alexander steve@cat-box.net
Mon, 14 Aug 2000 14:37:48 +0100


Steve Spicklemire wrote:
> 
> Hi ZPatterns folks...
> 
> ZPatterns-0.4.1snap1
> Zope2.2.0-src
> 
> I have a specialist with a defaultRack storing DataSkin subclassed
> ZClass instances with only persistent attribute providers.
> 
> <dtml-var "defaultRack.getPersistentItemIDs()">

When I call that, I get <BTreeItems object at 869a5d8>. To get that list
of IDs, I use an external method:


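def get_persistent_ids(self):
    try:
        # aq_base is the rack without its acquisition wrapper
        items = self.defaultRack.aq_base.getPersistentItemIDs()
        # copy the BTreeItems object into a plain list
        return map(lambda x: x, items)
    except:
        # on any error, write the traceback to stderr (returns None)
        import sys, traceback, string
        etype, val, tb = sys.exc_info()
        sys.stderr.write(string.join(
            traceback.format_exception(etype, val, tb), ''))
        del etype, val, tb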

I've tried something like your code, with no sheetproviders in the rack.
I can't reproduce your error. I'm using the method as a Manager.
 
> or
> 
> <dtml-in "defaultRack.getPersistentItemIDs()">
> ...
> </dtml-in>
> 
> raise AuthorizationFailed
> 
> <dtml-in "defaultRack.getPersistentItemIDs()" sort>
> ...
> </dtml-in>
> 
> works fine. What did I do now? ;-)

Line 318, Rack.py. The method getPersistentItemIDs has no docstring. Is
that still significant under the new security model?

Does the user you're running the method as have the permission "Access
contents information" ?

Looks like you may have uncovered a Zope security bug in <dtml-in ...
sort> :-/

How could we test this further?

--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net