I'm not sure whether this question is about Plone, or Zope, or Python, or maybe even HTTP. I thought I would start here. If this isn't the place to ask this question, please point me down the technology stack to the right place.
I have written a Plone tool. The tool has a public method called submitRequest(). submitRequest() submits an HTTP request by calling the httplib2 Http.request() method. That method returns the HTTP response to submitRequest() as a Python dict. My tool's submitRequest() method simply returns that dict.
I have written a Python script, rdb_callback.py, that calls submitRequest(). The call works fine. It returns the response dict. The script can print the response dict's contents to event.log just fine - the printout looks like this:
2009-06-14T10:57:33 INFO rdb_callback.py: response = {'status': '200', 'content-length': '10', 'x-amz-id-2': 'HILeDlwdldggdQYkR7a3q7qUC5DoZvMeM1Kp3pK9h7Nf/aB1qCQwGbGnIeSeWeTX', 'x-cnection': 'close', 'server': 'AmazonS3', 'last-modified': 'Sun, 14 Jun 2009 15:57:33 GMT', 'x-amz-request-id': 'E28DD76138E8F97A', 'etag': '"bab71c0770e5cafdfa00dfb26b4d94bb"', 'date': 'Sun, 14 Jun 2009 15:57:33 GMT', 'content-type': 'text/plain'}But when the script tries to access any entry in the response dict - for example doing an assignment like
size = response["content-length"] - it evokes a fatal "Insufficient Privileges" error. (See end of this post for the full traceback.)
So it seems like the response dict is carrying some kind of security lock that has nothing to do with the security on the Plone tool, class, or method that returned it. (By the way, other methods in this same tool return dict data structures to scripts with no such difficulties.)
And indeed, after considerable hacking around, I found that the security error goes away if I tweak submitRequest() to return a copy of the response dict - in other words, if the last line of submitRequest() is
return response.copy() instead of just
return response.
So I have a viable workaround. But if anyone can explain the source of this odd error, it seems worth understanding.
~ TIA
~ Ken
Here's the traceback:
2009-06-14T10:57:33 ERROR Zope.SiteErrorLog http://c.05.luxor.highspeedrails.com/groups/dhr3/practical-matters/base-teaching-packages/base-teaching-package-contents/rdb_callback
Traceback (innermost last):
Module ZPublisher.Publish, line 115, in publish
Module ZPublisher.mapply, line 88, in mapply
Module ZPublisher.Publish, line 41, in call_object
Module Products.CMFCore.FSPythonScript, line 108, in __call__
Module Shared.DC.Scripts.Bindings, line 311, in __call__
Module Shared.DC.Scripts.Bindings, line 348, in _bindAndExec
Module Products.CMFCore.FSPythonScript, line 164, in _exec
Module None, line 42, in rdb_callback
- <FSPythonScript at /groups/rdb_callback used for /groups/dhr3/practical-matters/base-teaching-packages/base-teaching-package-contents>
- Line 42
Module AccessControl.ZopeGuards, line 71, in guarded_getitem
Module AccessControl.ImplPython, line 565, in validate
Module AccessControl.ImplPython, line 335, in validate
Module AccessControl.ImplPython, line 810, in raiseVerbose
Unauthorized: The container has no security assertions. Access to None of {'status': '200', 'content-length': '10', 'x-amz-id-2': 'HILeDlwdldggdQYkR7a3q7qUC5DoZvMeM1Kp3pK9h7Nf/aB1qCQwGbGnIeSeWeTX', 'x-cnection': 'close', 'server': 'AmazonS3', 'last-modified': 'Sun, 14 Jun 2009 15:57:33 GMT', 'x-amz-request-id': 'E28DD76138E8F97A', 'etag': '"bab71c0770e5cafdfa00dfb26b4d94bb"', 'date': 'Sun, 14 Jun 2009 15:57:33 GMT', 'content-type': 'text/plain'} denied.
