[Zope-dev] Security validation issue

Herman Geldenhuys hgeldenhuys at gims.com
Wed Jan 28 09:59:44 EST 2004


I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually". 

This menuItem has an attribute called "def getVersion(self):" which returns an int.

This is the Code that prevents me from accessing the method in python, via my protocol:

if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]):
                        raise UnauthorisedAccessException('Unauthorised: ' + originalAddress)

object = <bound method HWMenuItem.getVersion of <HWMenuItem instance at 01B7B290>>
              This is the method getVersion

attributes[-1] = "getVersion" (string)

UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion

This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something?

I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me.

Can somebody help?

Thanks

H
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-dev/attachments/20040128/48b6c9ac/attachment-0001.html


More information about the Zope-Dev mailing list