[PEAK] peak.security: permissionFor problem

Radek Kanovsky rk at dat.cz
Fri Feb 11 05:48:12 EST 2005


Hi Phillip,

before I dive into the problem I currently have, I would like to discuss a
few things. The problem is that the function
peak.web.environ.traverseAttr() unexpectedly (for me) raises an
AmbiguousMethod exception on the line:

    perm = ctx.policy.permissionFor(ob,name)

What confuses me is the exception argument, which states "there is a group
of three ambiguous methods" for the arguments (web.Context(), 'user').
But these methods have the same signature, i.e. the group contains three
Signature instances with the same instance id (proven). I have not been
able to assemble a simple demonstration of the error yet. The problem is
hard to debug because the exception is raised irregularly, typically when
I am trying to show the user instance via a template:

    <div content:replace="/user"/>

I haven't found any rules that would lead to the exception. The 'user'
attribute of the Context instance is shown in some templates, i.e.
permissionFor() passes without an exception.

So I am asking: Is the exception argument meaningful? For example:
    
  [
   (Signature(
    (2, <function dispatch_by_inequalities at 0xb7bdbf7c>)=Inequality(=='user'),
    (1, <function dispatch_by_mro at 0xb7bdb95c>)=Context,  # web.Context
    (0, <function dispatch_by_mro at 0xb7bdb95c>)=Context), # security.Context
    <function declared_permission at 0xb7a0902c>
    ),
   (Signature(...same signature...),
   (Signature(...same signature...),
  ]


A workaround is to replace the first line of traverseAttr() with:

    perm = security.Context().permissionFor(ob,name)

My interaction policy is a subclass of the original web.InteractionPolicy
and my own permission checker:

    class InteractionPolicy (UtilRules, InteractionPolicy) :
        .....

where UtilRules defines only two permission checkers:

    class UtilRules (Context) :

        [hasPermission.when("perm==Authenticated")]
        def checkAuthenticated (self, user, perm, subject) :
            '''Check that user implements IUser'''
            ...

        [hasPermission.when("issubclass(perm, NamedGroup)")]
        def checkNamedGroup (self, user, perm, subject) :
            '''Check that IUser(user) belongs to group perm.group'''
            ...

My suspicion is that the problem lies in the dispatch module and not in
security or in my code. Thanks in advance for any advice.

RadekK


