[Zope] publishing a double-underscore method?

Terry Hancock hancock@anansispaceworks.com
Thu, 8 May 2003 11:40:04 -0700

On Wednesday 07 May 2003 03:57 am, Paul Winkler wrote:
> BUT then you get into why it's tricky to overload __getattr__...
> __getattr__ is already used heavily by zope for acquisition AND
> security, and as soon as I tried doing funky things with __getattr__
> i got all kinds of odd errors with very confusing tracebacks.
> This is the reason we have __bobo_traverse__.

I have a __bobo_traverse__ problem myself, which is baffling me:

* I have a Zope Object "Home" which has an overloaded
__bobo_traverse__.  Otherwise it inherits from "Folder".

* If the name requested is contained in "Home" (or aquirable?),
  it returns that. Otherwise, it does a database lookup using a
  ZSQL method, and tries to return the wrapped result:

return UserPB(username, self.DB.getUser(username=username)[0]).__of__(self)

Now if I visit the URL: "/Home/myuser" I see the result of
calling UserPB.index_html()  of the new object "myuser".

To get that far, I had to have UserPB inherit from Acquisition.Explicit
and Traversable, and I had to define methods "getId()" and

So far, so good.  But if I try to access the object "myuser" and
call one of its methods:

Home.restrictedTraverse('myuser').profile( ... args omitted ...)

then the security check in Traversable.traverse() fails -- I get
"You are not authorized to access myuser in this context"

Why could that happen?  I've used ClassSecurityInfo() in
"Home" and also setDefaultAccess("allow") (I might want to
change that later, once I understand what's going on).

I've tried the VerboseSecurity product on this, but it doesn't
make any difference in this case -- same messages (and
yes I am certain I'm using ZOPE_SECRITY_POLICY=PYTHON,
I've seen the logs with and without that, and without it,
VerboseSecurity logs an error on startup.

TIA for any ideas,
Terry Hancock ( hancock at anansispaceworks.com )
Anansi Spaceworks  http://www.anansispaceworks.com