IRC log of #zope3-dev for Saturday, 2005-04-09

*** niemeyer has quit IRC00:01
*** hazmat_ has joined #zope3-dev00:02
*** J1m has quit IRC00:05
*** hazmat has quit IRC00:12
*** bradb has quit IRC00:15
*** MiUlEr has quit IRC00:24
*** srichter has quit IRC00:41
*** C8E has joined #zope3-dev00:52
*** dman13 has joined #zope3-dev01:15
dman13anyone want to help me debug a strange Unauthorized error?  I have a wiki in a site; users come from ldap.  All users are granted all roles (including administrator) at the root of the site.  All users are fine, except for one -- this one gets an Unauthorized error in the middle of
projekt01dman13, what' the name of the user?01:22
dman13projekt01: gwaffen01:22
projekt01Hm, how is your setup with LDAP?01:22
projekt01You use the trunk? Or 3X01:22
dman13projekt01: if I try using pdb.set_trace() in getDefaultTraversal, the problem object shows no attributes with dir().01:22
dman13projekt01: 3.0.0, using ldapauth01:23
dman13projekt01: what I can't figure is why it works for all the other (4) users but not this one01:23
projekt01What is the problem object? A PrincipalInformation instance? Or the object which you traverse?01:24
dman13projekt01: the object being traversed:01:24
dman13< from /srv/zope3/main/lib/python/zwiki/browser/ object at 0x4405e5ec>01:24
projekt01Is the wiki at all not accessible for this user?01:25
projekt01Or just this view01:25
dman13nothing that I have tried is accessible by this user01:25
dman13I should mention that the CSS resource is accessible01:26
C8Edman13: kill that user ;)01:26
dman13it's my boss, actually01:26
projekt01Ok, please add a simple file and try to access this file, then we are sure that's no the wiki which makes problem01:26
projekt01NO, wait with killing01:26
C8Eerr, don't kill it01:26
projekt01I also think it's the user which is bad but this user gets created each time you login01:27
projekt01Did you try to login again in a fresh browser? Did you have the same situation?01:28
dman13projekt01: yeah, this started a few days ago (well, that was the first time he tried to use the wiki) and just today I started to investigate it.  Different computers, different browser processes and different browsers (win32 firefox vs. linux galeon)01:29
dman13also, as projekt01 said, the user is pulled from ldap each time, so there is nothing in the zodb to delete (other than permission grants)01:29
projekt01Did you try to add and access a file next to the wiki?01:29
dman13so, I created the File object01:29
*** bskahan has joined #zope3-dev01:30
dman13(interesting, the Data field of the add form doesn't work)01:30
projekt01Hm, I think we added a cache for users?01:30
dman13the user can view it http://.../hello-world.txt, but can't preview it hello-world.txt/@@preview.html01:30
dman13projekt01: that isn't persistent across server restarts, is it?01:30
dman13projekt01: I restarted the server several time as I added debug 'prints'01:31
dman13btw, I put that File in the root of the zope system, so no folders or any other objects in the way01:31
projekt01No over server restarts the principal will be read form the LDAP again01:32
projekt01But in a browser session it should be cached.01:32
projekt01Your question about accessing only the hello-world view,01:33
projekt01This is because you only have "Authenticated" principal, I think.01:33
projekt01Can you go  to the Error view01:34
projekt01Go to settings at the error view and lear the textarea and save it.01:34
projekt01Then try again01:35
dman13projekt01: it -should- have all roles including administrator01:35
dman13projekt01: ignored exception types?  that field is empty01:35
projekt01This should handle Unauthorized errors as errors, then you get a better Traceback01:35
dman13yeah, I get those errors logged, but it doesn't tell me -why- the user is unauthorized.  It does show the permission needed, but I don't see any mention of roles at all01:36
dman13is there some bit I can send you that would help?01:36
projekt01On the top of this view is information about the principal. What principal is reported?01:37
dman13gwaffen, AuthenticationService-2115014379-1108163252 ldap gwaffen, gwaffen01:37
projekt01Could be01:37
dman13interesting -- the User line ends with ','01:37
dman13maybe the roles are supposed to be listed there?01:37
projekt01Ok, you use a user called gwaffen01:37
projekt01No roles01:38
projekt01Right ow it looks that gwaffen doesn't have the permission01:38
projekt01Can you try to add the ManageContent permission to gwaffen at the file where we added before?01:39
projekt01Important, delete all roles where you grantet to gwaffen on this file. Or better use the folder above for granting.01:39
projekt01Yeah, us the folder above the file for granting, and clean all grants to gwaffen at the file01:40
projekt01Then try to access the file again01:40
dman13by "clean" do you mean to select "Unset" or "Deny"?01:41
dman13ok, I made all his grants "Unset" on both the file and the folder above it (which is "/")01:42
dman13and I get the same error01:43
dman13that, I think, is expected and normal01:43
projekt01I guess do you don't use a sub site01:43
dman13no, just the one default site01:44
projekt01You added the auth utility in ++etc++site/default01:44
dman13I haven't learned how to manage sub sites yet01:44
projekt01Hm, let me think....01:44
dman13(this wiki is currently the only thing in this zope instance at this time)01:44
projekt01And the file01:44
* C8E thinks that roger is a really great tutor01:45
dman13yeah, but the file is not real data :-)01:45
projekt01Hm, you are logged in as gwaffen. We see this in the error
* dman13 was wondering who projekt01 was :-)01:45
projekt01You mean where I am?01:46
dman13no, who01:46
dman13I was not familiar with your IRC nick01:46
projekt01Ah, I'm Roger Ineichen01:46
C8Ebut you should be w/his domain in zope-dev ML, derrik01:47
dman13right.  C8E gave that away when he said "Roger"01:47
dman13oh, no, not the domain, just the real name01:47
projekt01I really think there is not enough permission on the object.01:48
projekt01Do you have access to the LDAP server?01:49
projekt01Is it possible to recreate the user on the LDAP.01:50
projekt01But I'm pretty sure this will not solve the problem.01:50
dman13I suppose so.  I would have to preserve all the data (ie imp/horde settings) and I'd have to stop the mail server so it doesn't create bounces due to no-such-user01:50
projekt01No, don't do this01:51
dman13I did try the 'Sync' view/action on the ldap auth service; but it didn't fix anything01:51
projekt01We are logged in as gwaffen01:51
projekt01We just don't have enough permissions01:51
dman13it accepts the name+passwd pair01:51
dman13I don't know where to begin digging, other than re-checking the grant view01:52
projekt01What role do you use for gwaffen or other principals?01:52
dman13Site Manager01:52
projekt01Where did you add the roles? local or in the principal.zcml file?01:53
dman13I know it isn't good in terms of "security", but it is simple in terms of getting a wiki running for a dev group of 5 people01:53
dman13they are already defined in zcml01:53
projekt01Ah, of corse01:54
projekt01Can you add a principal gwaffen in the principal.zcml and try again?01:54
*** alga has quit IRC01:54
dman13before I test that --01:56
dman13I took my account ('dman') and Unset the SiteManager role at the root01:57
dman13and then added Site Member on the hello-world file directly01:57
dman13and I had the same problem -- unauthorized and no roles listed in the error log01:57
dman13then I added SiteManager to 'dman' on the File and it works01:57
dman13now I'll see what happens with gwaffen in principals.zcml01:58
dman13ok, putting the <principal> and the <grant> in zcml works01:59
dman13now I'm taking the <grant> out but leaving the <principal> in01:59
*** bskahan has quit IRC01:59
projekt01Ok, then the authentication can lookup the right role02:00
projekt01Seems that the authentication utility can't lookup the right role.02:00
dman13principal in zcml, grant in zodb -- fails02:00
projekt01What do you mean with grant in zodb fails?02:01
dman13on the @@PrincipalRoles.html view on the root folder I set gwaffen to 'Allow' for SiteManager02:01
dman13the same setting I had in the <grant> tag in ZCML02:02
dman13do you think it might make the anomaly disappear if I delete and recreate the ldapauth utility?02:02
projekt01Hm, could be.02:03
projekt01If so, then the cache in the LDAP could be the problem02:05
projekt01LDAP = LDAP utility02:05
dman13I'll save the database before I do that so a post-mortem will be possible02:06
dman13no joy02:10
dman13I deactivated the AuthenticationService and created a new one with a different name.02:11
dman13Configured that with an ldap source.02:11
dman13The users are found, and the grant page shows everything as 'Unset'02:11
dman13(so far so good)02:11
dman13Both myself and gwaffen are unauthorized.02:11
dman13So I set SiteManager to 'Allow' for both of us,02:12
dman13and it works for me but not gwaffen02:12
projekt01Hm, that's really wired02:12
dman13what would be an easy way to see all of the roles a user has, without getting an unauthorized error?02:13
dman13(ie what method to call in the code with a 'print' statement?)02:13
projekt01Let's call gwaffen as a forbidden name for LDAP ;-)02:13
projekt01I'm looking for it....02:13
C8Eit's obvious. who do not forbid his own boss? ;)02:13
*** FarcePest has quit IRC02:15
C8E waffen-ss, waffenss02:15
C8Eare forbidden02:15
projekt01Take a look at there you can see methods like globalRolesForPrincipal or globalPrincipalPermissionSetting02:16
projekt01But I work with the trunk, I hope there are not to many changes since 3.002:17
dman13I get the empty list for both principals02:25
dman13from import principalRoleManager02:25
dman13try :02:25
dman13    login = request.principal.getLogin()02:25
dman13except :02:25
dman13    login = "anonymous"02:25
dman13print login, repr(02:25
dman13        principalRoleManager.getRolesForPrincipal(request.principal)02:25
dman13        )02:25
dman13unless there is something wrong with my code there02:26
dman13or maybe it's because they are "local" roles (local to the root folder)02:26
projekt01The roles should be listed02:27
dman13that code, where I put it, gives me this output:02:27
dman13gwaffen []02:27
dman13dman []02:27
C8Ederrik, have you tried a third working user?02:28
dman13no, I haven't02:28
dman13ok, now I tried with the 'admin' user configured in principals.zcml.  I get the same result.02:30
projekt01Argh, I don't like the code in securitypolicy I everytime don't know if principal means principal ID.02:30
dman13I guess I can find out02:31
projekt01Try the principal and not principal id02:31
projekt01Sorry, try the principal id02:31
projekt01Instead of the principal02:31
projekt01In getRolesForPrincipal02:32
dman13that is better, but still not quite right:02:32
dman13admin [('zope.Manager', < object at 0x40c629cc>)]02:32
dman13dman []02:32
dman13gwaffen []02:32
dman13the first is in principals.zcml and the latter two are in ldap02:33
dman13thanks for your time and help on this!  I'm going to go home now before the sun completely sets.02:33
dman13At least I have a workaround, and I will have to keep searching later.02:33
projekt01Ok, tell me what's happen if you solved the problem ;-)02:34
C8Ewhat time is it in dman13land? ;)02:35
C8Ehere's 1:37 nite -_-02:35
projekt01C8E, are you form germany?02:35
C8Eehm roger, are you in swiss?02:35
C8Enope, italy02:36
projekt01Ah, what your name?02:36
C8Ei remember dev@projekt01.ch02:36
C8Ecarlo, nice 2 meet u02:36
*** dman13 has quit IRC02:36
projekt01C8E, are you not in Rom today?02:37
C8Enope roger02:37
C8Ei'm buddhist ;)02:37
projekt01Ah, ok, I just belive in god but not the curch ;-)02:38
C8Ebut your zope zen is strenght :)02:39
projekt01I hope so, we develop since 2 1/2 years with zope302:39
projekt01We built a framework on it, where we will release this year.02:40
projekt01Btw, thanks02:40
C8E' know, i know...02:41
C8Ei'm lurking z3-d ml from near the start02:41
projekt01Really, whow, I think there are many. Right?02:42
C8Ei'm sure so02:43
projekt01Do plan to work with z3?02:43
C8Ebut is really really hard to grok02:44
projekt01The mails or zope3?02:44
C8Ei hope so, yes. bot i've got to found the right project02:44
C8Enope, z3 as a whole02:44
projekt01You like to use z3 for projects in your company or by yourself?02:45
C8Efor the clients of my company02:45
C8Ebut an internal prj should be safer, for the first time... i'll se02:46
C8Efor now, i try to leard by assimilating your mail.. ;)02:46
projekt01Of corse, just calculate some time to find out how it works02:46
C8Ethe strange thing is that02:47
C8Etwisted, 4 example,is initially possibly harder than z302:48
C8Ebut as you grokit (after months, of course ;) you went very fluent with it02:48
C8Ei dunno, but i can't get the same "fluence" w/z302:49
projekt01I think twisted is a great framework developed in python02:50
projekt01It uses not this much conceptual stuff like z3.02:50
projekt01Z3 is more a philosophy change with it's components02:51
projekt01That's much harder if you think object oriented.02:51
projekt01You have learn thinking in components now.02:52
C8Eyup, maybe you're right :|02:54
projekt01Adapters and utilities are all what you need. It's so easy. I never would work with another framework then z3 since this less components can do so many things.02:54
C8Eimho z3 laks a bit in "quick&dirty develop", useful to work out ideas...02:56
C8Eie, like moshe's twisted finger tutorial, if u understand what i mean02:56
projekt01You mean prototyping or thru the web (TTW) development?02:57
C8Eno, just sketch out some ideas without constructing the whole thing in the proper way02:57
projekt01Ok, I see02:58
C8Eit's a little bit big infrastructure, in order to prototypate02:58
projekt01We use a file based development right now, this is not this fast but you can easy debug and test.02:59
C8Emaybe the z way is to solve that w/ ttw02:59
C8Eand you never feel  frustrated, when you want to quickly got a proto to valuare potential dark corner ?03:00
projekt01I think so, but we like to have TTW and generate python classes at the end. Then you could use the TTW generated classes and develop file based on this classes.03:01
projekt01That's the vision....for the next years.03:01
C8Ei'm absolutly sure this is the way03:01
C8Ezclasses was too opaque03:02
projekt01I think there is also a way where we can draw some UML and generate python classes.03:03
projekt01File based development, UML and TTW should support roundtrip ;-)03:04
C8Ei home also ther will be some zcml editors, i find it a little obscure o_O03:04
projekt01...and offer the right attributes...during editing ;-)03:05
projekt01You can use apidoc, which is a great source for this info right now.03:06
C8Eyup. it's a big richter's work :D03:08
*** hazmat__ has joined #zope3-dev03:32
*** hazmat_ has quit IRC03:40
*** RaFromBRC is now known as RaFromBRC|out04:13
C8Ei go sleep(28800); nite04:22
*** C8E has left #zope3-dev04:23
*** projekt01 has left #zope3-dev04:28
*** RaFromBRC|out has quit IRC04:36
*** hazmat__ has quit IRC06:12
*** hazmat has joined #zope3-dev06:30
*** hazmat has quit IRC07:09
*** bradb has joined #zope3-dev07:26
*** MiUlEr has joined #zope3-dev08:24
*** MiUlEr has quit IRC09:37
*** nimfa has joined #zope3-dev10:15
*** projekt01 has joined #zope3-dev11:01
*** nimfa is now known as Aiste11:29
*** Aiste has quit IRC11:56
*** Aiste has joined #zope3-dev12:49
*** zagy_ has joined #zope3-dev13:51
*** zagy has quit IRC13:51
*** Aiste has quit IRC13:56
*** Aiste has joined #zope3-dev14:13
*** Theuni has joined #zope3-dev14:50
*** J1m has joined #zope3-dev14:55
VladDrachey j1m14:55
VladDracdid you get your cmfformcontroller question answered?14:56
* VladDrac was gone - didn't see your question14:56
J1mNot really14:56
J1mI think I'm past that now anyway.14:56
*** Aiste has quit IRC15:09
*** Theuni has quit IRC15:10
*** zagy_ is now known as z|a15:12
*** J1m has quit IRC15:34
*** Theuni has joined #zope3-dev15:41
*** srichter has joined #zope3-dev15:43
*** ChanServ sets mode: +o srichter15:43
*** Theuni has quit IRC16:30
*** admp has joined #zope3-dev17:24
*** admp has quit IRC17:34
*** admp has joined #zope3-dev17:38
*** MiUlEr has joined #zope3-dev18:03
*** niemeyer has joined #zope3-dev19:11
*** niemeyer is now known as nie_out19:51
*** nie_out is now known as niemeyer20:21
*** admp has quit IRC20:28
*** admp has joined #zope3-dev20:29
*** efge has joined #zope3-dev20:37
*** admp has quit IRC20:40
*** BjornT has quit IRC20:45
*** admp has joined #zope3-dev21:00
*** admp has quit IRC21:10
*** MiUlEr has quit IRC21:12
*** MiUlEr has joined #zope3-dev21:13
*** z|a has quit IRC21:14
*** zagy has joined #zope3-dev21:17
*** BjornT has joined #zope3-dev21:41
*** efge has quit IRC21:44
*** tvon has joined #zope3-dev21:58
*** admp has joined #zope3-dev22:11
*** MiUlEr has quit IRC22:39
*** MiUlEr has joined #zope3-dev22:44
*** SteveA_ has quit IRC22:46
*** efge has joined #zope3-dev22:46
*** efge has quit IRC22:48
*** SteveA has joined #zope3-dev22:49
*** efge has joined #zope3-dev22:56
*** efge has joined #zope3-dev22:57
*** tvon has quit IRC23:01
*** bradb has quit IRC23:11
*** C81 has joined #zope3-dev23:30
*** C81 is now known as C8N23:31

Generated by 2.15.1 by Marius Gedminas - find it at!