[Zope] Problem with product security and setDefaultAccess()

Jean-Francois.Doyon at CCRS.NRCan.gc.ca Jean-Francois.Doyon at CCRS.NRCan.gc.ca
Tue Sep 2 14:25:08 EDT 2003 

Hello,

I've written a product that behaves much like a Database Adapter/Z SQL
Method type combination, only it queries a web service, parses the XML, and
returns the results.

Most things seem to be working OK, only now I'm having trouble accessing the
results through PythonScripts (i.e. restricted TTW code). (Thought the ZMI
DTML works ok without complaining)

The results are stored in a ResultSet class, which has as attribute a list
of objects which are instances of the Result class (i.e. Records) ...

This result class provides methods that I keep getting denied access to, no
matter what I try.  The ResultSet and Result classes do not subclass
anything, they're real dumb, and non-persistent.

I'm trying to access the gettypename() method, but I always get an access
denied.  I installed VerboseSecurity and it keep insisting that:

The container has no security assertions. Access to 'gettypename' of
(Products.Atlas.WFSResults.WFSResult instance at 0x8af92fc) denied.

Which so far as I can tell isn't true, since the WFSResultSet DOES have a
setDefaultAccess("allow") on it, which in this case should be perfectly
safe, or at least good enough for testing.
I've tried adding security assertions all over the place, including in the
WFSResult class itself, on the method itself, etc ... without any change in
the errors. I've tried declaring public, using specific permissions, etc ...

I'm out of ideas ... help ?

from xml.parsers.expat import ParserCreate
from AccessControl import ClassSecurityInfo
 
class WFSResultSet:
 
        ClassSecurityInfo().setDefaultAccess("allow")
 
        def __init__(self, getfeaturexml, typenames, typeinfo):
                class WFSResult:
 
                        def __init__(self, typename, resultset):
                                self.typename = typename
                                self.resultset = resultset
 
                        def gettypename(self):
                                return self.typename
 
                # Define the expat parsing callback functions

               <snip>

                parser.Parse(getfeaturexml)
                 
                resultsasinstances = [] 
 
                for item in results:  
                        resultsasinstances.append( WFSResult( item[0],
item[1] ) )
                         
                self.results = resultsasinstances 

        def __getitem__(self, index): 
                return self.results[index]

Thanks,

Jean-François Doyon
Internet Service Development and Systems Support
GeoAccess Division
Canadian Center for Remote Sensing
Natural Resources Canada
http://atlas.gc.ca
Phone: (613) 992-4902
Fax: (613) 947-2410

More information about the Zope mailing list