[PEAK] peak.security: permissionFor problem

Radek Kanovsky rk at dat.cz
Fri Feb 11 10:42:35 EST 2005


On Fri, Feb 11, 2005 at 09:46:56AM -0500, Phillip J. Eby wrote:

> >For example:
> >
> >  [
> >   (Signature(
> >    (2, <function dispatch_by_inequalities at 
> >0xb7bdbf7c>)=Inequality(=='user'),
> >    (1, <function dispatch_by_mro at 0xb7bdb95c>)=Context,  # web.Context
> >    (0, <function dispatch_by_mro at 0xb7bdb95c>)=Context), # 
> >security.Context
> >    <function declared_permission at 0xb7a0902c>
> >    ),
> >   (Signature(...same signature...),
> >   (Signature(...same signature...),
> >  ]
> 
> I notice you're not showing the function here for the other two 
> signatures.  I'm guessing they are all <function declared_permission>, but 
> do they have the same addresses, or different ones?

Group contains exactly three identical signatures with the same address:

    try :
        perm = ctx.policy.permissionFor(ob,name)
    except dispatch.AmbiguousMethod, am :
        g = am.args[0]
        assert len(g) == 3
        assert g[0][0] is g[1][0] is g[2][0]
        assert g[0][1] is g[1][1] is g[2][1]
        raise

    Traceback:
      [...]
      File "src/peak/web/environ.py", line 418, in traverseDefault
        loc = traverseAttr(ctx,ob,ns,name,qname,NOT_FOUND)
      File "src/peak/web/environ.py", line 332, in traverseAttr
        perm = ctx.policy.permissionFor(ob,name)
      File "<string>", line 5, in permissionFor
      File "src/dispatch/strategy.py", line 808, in ambiguous
        raise AmbiguousMethod(group)

> The signatures you've shown above are of the form "self in security.Context 
> and subject in web.Context and name=='user'", so it is looking up what 
> permission should be used for the 'user' attribute of a 'web.Context' 
> object.  It sounds as though there has been more than one declaration of 
> this, though how that would happen I don't know.

I have checked it before. There is only one declaration.

> I suspect that the problem is that for some reason the metadata is being 
> declared more than once, leading to a spurious apparent ambiguity.  I may 
> have to switch from a generic function to a dispatcher so that multiple 
> declarations of the same metadata can be ignored.

_declare_permission is called only one time for subject==web.Context and
name=='user'. Permission is also correct, i.e. security.Anybody.
 
> Anyway, it sounds like a problem with either peak.security or peak.binding, 
> more likely that peak.binding is somehow declaring some metadata more than 
> once.

Some lazyModule issues??? BTW, application is simple CGI without threads.

RadekK



More information about the PEAK mailing list