Fw: Security validation issue
Herman Geldenhuys
hgeldenhuys at gims.com
Wed Jan 28 09:56:09 EST 2004
Oops! Sorry guys, wrong list...
Apologies.
----- Original Message -----
From: Herman Geldenhuys
To: python-list at python.org
Sent: Wednesday, January 28, 2004 4:54 PM
Subject: Security validation issue
I've written a Zope product that exposes a "MenuItem". I add a menuItem in a Zope folder, and I have no difficulty accessing and editing it via the ZMI. I've written an xml-rpc-like protocol for Zope, that basically validates the security "manually".
This menuItem has an attribute called "def getVersion(self):" which returns an int.
This is the Code that prevents me from accessing the method in python, via my protocol:
if not AccessControl.getSecurityManager().validate(None, object, attributes[-1]):
raise UnauthorisedAccessException('Unauthorised: ' + originalAddress)
object = <bound method HWMenuItem.getVersion of <HWMenuItem instance at 01B7B290>>
This is the method getVersion
attributes[-1] = "getVersion" (string)
UnauthorisedAccessException: Unauthorised: menus.administration.addUser.getVersion
This code works for any other default Zope type, but not mine. Did I perhaps forgot a permission or something?
I can access this fine via the ZMI, but when I validate it this way, python just starts cursing at me.
Can somebody help?
Thanks
H
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20040128/23b75f4b/attachment.html>
More information about the Python-list
mailing list