[Zope] Why doesn't this work?

Dylan Reinhardt zope@dylanreinhardt.com
28 Jul 2003 14:41:46 -0700 

You're declaring security, but do you initialize the class to use it?  

Put: 

--------

Globals.InitializeClass(MyContainer)

--------

after your class definition, at the same level.

Does that do the trick?

HTH,

Dylan


PS - You'll probably want to look into __bobo_traverse__() instead of
__getattr__() when it comes time to move beyond get_obj()



On Mon, 2003-07-28 at 14:28, Terry Hancock wrote:
> This is a simple project example.  I'm trying to wrap an object
> generated on the fly and publish methods from it.  However,
> as I'm doing it, I get an HTTP authentication challenge, and it
> does not recognize any usernames, including the superuser, so
> I always have to click "cancel" which gives me a "you are not
> allowed to access index_html in this context" in this case.
> 
> The main module is included below, and I've put a tar file of
> the product here:
> http://manage.narya.net/Anansi/Download/PBTest.030728.tgz
> 
> To test it:
> 
> * Add a "My Container" object ("folderish").
> * Inside the "My Container" object, create a python script called
>   "test_html", with the following contents:
> """
> return context.get_obj("Green").index_html
> """
> * Access the URL of the test_html script.
> 
> What should happen is that the server should return text saying
> "Test version of index_html for Green object."
> 
> But what I actually get is a challenge popup, which I can't
> satisfy with any valid usernames on the server, and thus I get the
> message:
> """
> Error Type: Unauthorized
> Error Value: You are not allowed to access index_html in this context
> """
> 
> Obviously, there's something incomplete about the PB_Object
> instance,  but I can't figure out what it might be.
> 
> Source of PBTest.py:
> ---snip------------------------------------------
> #  Test returning PB transitory object from a folder-like object.
> #  This is a technique I want to use in Narya, but it's running into
> #  permissions problems.
> """
> Test PB return object publishing.
> """
> 
> # Probably don't need all of these imports -- this is taken from Home.py
> 
> # Python Standard Library:
> import string
> 
> # Zope:
> import Acquisition
> from Globals import DTMLFile
> from OFS.Folder import Folder
> from OFS.Traversable import Traversable
> from Globals import Persistent
> from OFS.SimpleItem import SimpleItem
> from AccessControl.DTML import DTMLSecurityAPI
> SecurityGetUser = DTMLSecurityAPI.SecurityGetUser
> from AccessControl import ClassSecurityInfo
> import AccessControl
> 
> from Interface import Base, Attribute
> 
> 
> class MyContainer(Folder):
>     """
>     The container object will contain Zope objects, but also some objects generated on the fly.
>     """
>     meta_type =  "My Container"
> 
>     security = ClassSecurityInfo()
>     security.setDefaultAccess("allow")
> 
>     
>     security.declarePublic("get_obj")
>     def get_obj(self, name, REQUEST=None, RESPONSE=None):
> 	"""
> 	Get an object by name.  Probably to be replaced by __getattr__?
> 	"""
> 	if hasattr(self, name):
> 	    return getattr(self, name)
> 	elif name in ("Red", "Green", "Blue"):
> 	    return PB_Object(name).__of__(self)
> 
> manage_addMyContainerForm = DTMLFile('MyContainerForm', globals())
> 
> def manage_addMyContainer(self, id, title='', REQUEST=None):
>     """
>     Add a new MyContainer folder.
>     """
>     ob=MyContainer(id, title=title)
>     ob.id=str(id)
>     ob.title=title
>     self._setObject(id, ob)
>     ob=self._getOb(id)
> 
>     if REQUEST is not None:
>         return self.manage_main(self, REQUEST, update_menu=1)
> 
> 
> class PB_Object(Acquisition.Implicit):
>     """
>     The object to be generated on the fly.
>     """
>     meta_type = "PB Object"
> 
>     security = ClassSecurityInfo()
>     security.setDefaultAccess("allow")
> 
>     def __init__(self, pb_name):
> 	self.pb_name = pb_name
> 	self.id = pb_name
> 	self.title = pb_name
> 
>     security.declarePublic("index_html")
>     def index_html(self, REQUEST=None, RESPONSE=None):
> 	"""Silly docstring for index_html"""
> 	return "Test version of index_html for %s object." % self.pn_name
> 
> 
>     security.declarePublic("getId")
>     def getId(self):
> 	"""
> 	Apparently required but undocumented interface for Zope traversal.
> 	#$(&#*!!!!
> 	"""
> 	return self.id
> ---snip----------------------------------------------------
> 
> I'd really like to understand what's going on here, so any help
> will be much appreciated.
> 
> Cheers,
> Terry
> 
> --
> Terry Hancock ( hancock at anansispaceworks.com )
> Anansi Spaceworks  http://www.anansispaceworks.com
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )