Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

view.thumb_size() shouldn't be called on that objects that are not accessible to a user #105

Open
agitator opened this issue Nov 21, 2017 · 0 comments
Open

view.thumb_size() shouldn't be called on that objects that are not accessible to a user #105

agitator opened this issue Nov 21, 2017 · 0 comments
Labels
01 type: bug

Comments

@agitator
Copy link
Member

.../dienste/kurse_alt/kurse-2018 is published
.../dienste/kurse_alt/ is private

When accessing kurse-2018 it tries to get the thumb_size from kurse_alt, which isn't available to the user.

If I remove thumb_size python:view.thumb_size() and img tag in navigation_recurse.pt, i got no error.

Imho view.thumb_size() is trying to wake the object, permission check should be involved here.
Which view.thumb_size() method is called here?
How should the fix look like?

2017-11-21 11:00:11 ERROR portlets Error while rendering <plone.app.portlets.manager.ColumnPortletManagerRenderer object at 0x10f36ec50>
Traceback (most recent call last):
  File "/Users/peter/workspace/clientsite/eggs/Products.PloneFormGen-1.8.4-py2.7.egg/Products/PloneFormGen/patches.py", line 21, in safe_render
    return portlet_renderer.render()
  File "/Users/peter/workspace/clientsite/eggs/plone.app.portlets-4.3.1-py2.7.egg/plone/app/portlets/portlets/navigation.py", line 371, in render
    return self._template()
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 125, in __call__
    return self.im_func(im_self, *args, **kw)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 59, in __call__
    sourceAnnotations=getattr(debug_flags, 'sourceAnnotations', 0),
  File "/Users/peter/workspace/clientsite/eggs/zope.pagetemplate-4.2.1-py2.7.egg/zope/pagetemplate/pagetemplate.py", line 137, in pt_render
    strictinsert=0, sourceAnnotations=sourceAnnotations
  File "/Users/peter/workspace/clientsite/eggs/five.pt-2.2.4-py2.7.egg/five/pt/engine.py", line 98, in __call__
    return self.template.render(**kwargs)
  File "/Users/peter/workspace/clientsite/eggs/z3c.pt-3.0.0a1-py2.7.egg/z3c/pt/pagetemplate.py", line 163, in render
    return base_renderer(**context)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/zpt/template.py", line 261, in render
    return super(PageTemplate, self).render(**vars)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/template.py", line 171, in render
    self._render(stream, econtext, rcontext)
  File "0b4929a47a7cd5098a37aa8cdb7a7bda.py", line 506, in render
  File "/Users/peter/workspace/clientsite/eggs/five.pt-2.2.4-py2.7.egg/five/pt/expressions.py", line 161, in __call__
    return base()
  File "/Users/peter/workspace/clientsite/eggs/plone.app.portlets-4.3.1-py2.7.egg/plone/app/portlets/portlets/navigation.py", line 286, in createNavTree
    return self.recurse(children=data.get('children', []), level=1, bottomLevel=bottomLevel)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 125, in __call__
    return self.im_func(im_self, *args, **kw)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 59, in __call__
    sourceAnnotations=getattr(debug_flags, 'sourceAnnotations', 0),
  File "/Users/peter/workspace/clientsite/eggs/zope.pagetemplate-4.2.1-py2.7.egg/zope/pagetemplate/pagetemplate.py", line 137, in pt_render
    strictinsert=0, sourceAnnotations=sourceAnnotations
  File "/Users/peter/workspace/clientsite/eggs/five.pt-2.2.4-py2.7.egg/five/pt/engine.py", line 98, in __call__
    return self.template.render(**kwargs)
  File "/Users/peter/workspace/clientsite/eggs/z3c.pt-3.0.0a1-py2.7.egg/z3c/pt/pagetemplate.py", line 163, in render
    return base_renderer(**context)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/zpt/template.py", line 261, in render
    return super(PageTemplate, self).render(**vars)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/template.py", line 171, in render
    self._render(stream, econtext, rcontext)
  File "0731193c8249c11f0f198efd25d40b6f.py", line 892, in render
  File "0731193c8249c11f0f198efd25d40b6f.py", line 631, in render_nav_main
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 125, in __call__
    return self.im_func(im_self, *args, **kw)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 59, in __call__
    sourceAnnotations=getattr(debug_flags, 'sourceAnnotations', 0),
  File "/Users/peter/workspace/clientsite/eggs/zope.pagetemplate-4.2.1-py2.7.egg/zope/pagetemplate/pagetemplate.py", line 137, in pt_render
    strictinsert=0, sourceAnnotations=sourceAnnotations
  File "/Users/peter/workspace/clientsite/eggs/five.pt-2.2.4-py2.7.egg/five/pt/engine.py", line 98, in __call__
    return self.template.render(**kwargs)
  File "/Users/peter/workspace/clientsite/eggs/z3c.pt-3.0.0a1-py2.7.egg/z3c/pt/pagetemplate.py", line 163, in render
    return base_renderer(**context)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/zpt/template.py", line 261, in render
    return super(PageTemplate, self).render(**vars)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/template.py", line 171, in render
    self._render(stream, econtext, rcontext)
  File "0731193c8249c11f0f198efd25d40b6f.py", line 892, in render
  File "0731193c8249c11f0f198efd25d40b6f.py", line 631, in render_nav_main
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 125, in __call__
    return self.im_func(im_self, *args, **kw)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/Products/Five/browser/pagetemplatefile.py", line 59, in __call__
    sourceAnnotations=getattr(debug_flags, 'sourceAnnotations', 0),
  File "/Users/peter/workspace/clientsite/eggs/zope.pagetemplate-4.2.1-py2.7.egg/zope/pagetemplate/pagetemplate.py", line 137, in pt_render
    strictinsert=0, sourceAnnotations=sourceAnnotations
  File "/Users/peter/workspace/clientsite/eggs/five.pt-2.2.4-py2.7.egg/five/pt/engine.py", line 98, in __call__
    return self.template.render(**kwargs)
  File "/Users/peter/workspace/clientsite/eggs/z3c.pt-3.0.0a1-py2.7.egg/z3c/pt/pagetemplate.py", line 163, in render
    return base_renderer(**context)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/zpt/template.py", line 261, in render
    return super(PageTemplate, self).render(**vars)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/template.py", line 191, in render
    raise_with_traceback(exc, tb)
  File "/Users/peter/workspace/clientsite/eggs/Chameleon-2.25-py2.7.egg/chameleon/template.py", line 171, in render
    self._render(stream, econtext, rcontext)
  File "0731193c8249c11f0f198efd25d40b6f.py", line 892, in render
  File "0731193c8249c11f0f198efd25d40b6f.py", line 524, in render_nav_main
  File "/Users/peter/workspace/clientsite/eggs/plone.memoize-1.2.1-py2.7.egg/plone/memoize/volatile.py", line 73, in replacement
    cached_value = cache[key] = fun(*args, **kwargs)
  File "/Users/peter/workspace/clientsite/srccore/plone.namedfile/plone/namedfile/scaling.py", line 520, in tag
    obj = brain.getObject()
  File "/Users/peter/workspace/clientsite/eggs/Products.ZCatalog-3.0.2-py2.7.egg/Products/ZCatalog/CatalogBrains.py", line 108, in getObject
    return parent.restrictedTraverse(path[-1])
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/OFS/Traversable.py", line 317, in restrictedTraverse
    return self.unrestrictedTraverse(path, default, restricted=True)
  File "/Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/OFS/Traversable.py", line 251, in unrestrictedTraverse
    next = guarded_getattr(obj, name)
Unauthorized: You are not allowed to access 'kurse_alt' in this context

 - Expression: "view/createNavTree"
 - Filename:   ... .3.1-py2.7.egg/plone/app/portlets/portlets/navigation.pt
 - Location:   (line 39: col 39)
 - Source:     ... tal:replace="structure view/createNavTree">
                                          ^^^^^^^^^^^^^^^^^^
 - Expression: "python:image_scale.tag(item, 'image', scale=thumb_scale, css_class='pull-right thumb-'+thumb_scale)"
 - Filename:   ... .7.egg/plone/app/portlets/portlets/navigation_recurse.pt
 - Location:   (line 43: col 40)
 - Source:     ... python:image_scale.tag(item, 'image', scale=thumb_scale, css_class='pull-right thumb-'+thumb_scale) ...
                   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - Arguments:  default: <object - at 0x108f03ae0>
               repeat: {...} (0)
               template: <ViewPageTemplateFile - at 0x111711050>
               views: <ViewMapper - at 0x10f226950>
               modules: <instance - at 0x109fca7e8>
               bottomLevel: 0
               args: <tuple - at 0x108ead050>
               here: <ImplicitAcquisitionWrapper kurse-2018 at 0x113cf40f0>
               supress_icon: False
               user: <ImplicitAcquisitionWrapper - at 0x113eb6f00>
               nothing: <NoneType - at 0x108dcee18>
               children: <list - at 0x114c18ea8>
               container: <ImplicitAcquisitionWrapper kurse-2018 at 0x113cf40f0>
               level: 3
               request: <instance - at 0x10f209d88>
               wrapped_repeat: <SafeMapping - at 0x10f3752b8>
               traverse_subpath: <list - at 0x11569d320>
               thumb_scale: none
               loop: {...} (1)
               context: <ImplicitAcquisitionWrapper kurse-2018 at 0x113cf40f0>
               view: <Renderer - at 0x10f803410>
               supress_thumb: False
               translate: <function translate at 0x10f191398>
               root: <ImplicitAcquisitionWrapper Zope at 0x112b1d2d0>
               options: {...} (3)
               target_language: <NoneType - at 0x108dcee18>
[44] > /Users/peter/workspace/clientsite/eggs/Zope2-2.13.26-py2.7.egg/OFS/Traversable.py(251)unrestrictedTraverse()
-> next = guarded_getattr(obj, name)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
01 type: bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@agitator