[Zope] NUXUserGroups Zope security

Sion Morris s.morris@bangor.ac.uk
Sun, 14 Jul 2002 13:32:29 +0100


On Sunday, July 14, 2002, at 11:32  am, Chris Withers wrote:

> Sion Morris wrote:
>>
>> So to access any methods of objects from a python script or DTML I have
>> to create an external method? Is this right.
>
> Yes, unless those methods have been specifically designed to be used 
> from Python
> Scripts.
>
>> Would some kind soul
>> explain why this is the case or if I'm doing it incorrectly or I missed
>> something.
>
> It's for security reasons. If you have a look in standard.py of the
> PythonScripts product, you can see how to make security assertions about
> modules, classes and their methods.
>
>> I have read the security.declareProtected stuff on ZDG and noticed that
>> getUsers has
>> security.declareProtected(ManageUsers, 'getUsers'). The python script
>> above has a proxy role of manager which has permission to 'Manage 
>> users'.
>
> Hmmm... that is odd. Are you sure that's the getUsers you're executing?
> If it is, then maybe there's a bug lurking here?

It may be that I'm accessing the wrong method. This is what I've done to 
check (hope not to show my complete ineptness):

In a python script:

group=context.acl_users.getGroupById('OMT') #where 'OMT' is the name of 
the group.
return group

Executing the script return an error as expected, but with "Resource: 
Group instance at 8e8ae18"

So a 'Group' object is returned. The class 'Group' from 
UserFolderWithGroups.py (NuxUserGroups) has a method

security.declareProtected(ManageUsers, 'getUsers')
def getUsers(self):
         """Group users"""
         return tuple(self.users)

This is what I'm attempting to use here:

group=context.acl_users.getGroupById('OMT') #where 'OMT' is the name of 
the group.
users = group.getUsers()
return users

except  an error is raised: "Error Value: You are not allowed to access 
getUsers in this context"!

>
> cheers,
>
> Chris
>

I can use an external method to access these methods but it feels like 
needless duplication.

Many thanks,

Sion