On Jul 23, 2010, at 9:12 AM, Guilherme Salgado wrote:
> On Fri, 2010-07-23 at 12:42 +0000, Gary Poster wrote:
>> Hey Salgado. Thank you. Below, I've deleted sections for which I thought no further discussion was necessary.
Doing that again.
>>
>> On Jul 22, 2010, at 5:15 AM, Guilherme Salgado wrote:
>>
>>> On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
>
...
>>
>>> I'm now wondering if I should do the same for all the eggs that I've
>>> updated as part of this -- they could also register new things that
>>> we're not expecting.
>>
>> The reason why I singled in on this one is that it is registered in
>> zopeapp.zcml, so it will affect production. The rest will only affect
>> tests and development, so I'm less concerned in this regard.
>>
>> zope.publisher's update I guess is worth a look, actually. But that's
>> the only other one I see.
>>
>
> http://paste.ubuntu.com/467986/ is the diff between the previous
> configure.zcml and the current version, so nothing to worry about, I
> think?
Agreed, thanks.
>
>
>>> - FWIW, LaunchpadPrincipalAnnotations could subclass UserDict.UserDict
>>>> and be shortened to the __init__ plus a call to the shared constructor
>>>> and the interface declarations. Do it if you want.
>>>
>>> I'm all for it!
>>>
>>> Also, I thought I could make apidoc.lp.dev work for anonymous users by
>>> just registering an adapter like the above for
>>> IUnauthenticatedPrincipal, but then I got
>>> http://paste.ubuntu.com/467401/
>>
>> Meh, digging into it just a bit, I see that preference group thing is
>> doing somewhat unusual security dances. I wouldn't be all that
>> surprised if that LocationError were actually hiding a
>> ForbiddenAttribute on a value that should be there, but maybe I'm
>> wrong.
>>
>>> I'm thinking that it may be better to actually require a logged-in user
>>> to use apidoc.lp.dev and ask them to login in case they're not, just
>>> like we do on other launchpad.AnyPerson pages. What do you think?
>>
>> Since this is only for devel instances, in the abstract there's no
>> reason not to expose this for anonymous users that I see. That will
>> also make it easier to make a static version of the apidoc, which I
>> think is part of the plan.
>
> Agreed. All I wanted was to make sure we require people to login as
> early as possible so that they don't see these obscure errors that one
> has no idea can be worked around just by logging in.
>
>>
>> If you want me to look into the traceback further just ask.
>
> I'd really appreciate as I wouldn't know where to start. Just some
> pointers so I can get started would be great.
I was skeptical of the way you were using object and UserDict together--that doesn't make UserDict a new-style class, so it doesn't play the "super" game. This fixes the traceback for unauthenticated users, and is generally more correct:
# zope.app.apidoc expects our principals to be adaptable into IAnnotations, so
# we use these dummy adapters here just to make that code not OOPS.
-class TemporaryPrincipalAnnotations(object, UserDict):
+class TemporaryPrincipalAnnotations(UserDict):
implements(IAnnotations)
adapts(ILaunchpadPrincipal, IPreferenceGroup)
On Jul 23, 2010, at 9:12 AM, Guilherme Salgado wrote:
> On Fri, 2010-07-23 at 12:42 +0000, Gary Poster wrote:
>> Hey Salgado. Thank you. Below, I've deleted sections for which I thought no further discussion was necessary.
Doing that again.
>>
>> On Jul 22, 2010, at 5:15 AM, Guilherme Salgado wrote:
>>
>>> On Wed, 2010-07-21 at 17:08 +0000, Gary Poster wrote:
>
...
>> paste.ubuntu. com/467986/ is the diff between the previous
>>> I'm now wondering if I should do the same for all the eggs that I've
>>> updated as part of this -- they could also register new things that
>>> we're not expecting.
>>
>> The reason why I singled in on this one is that it is registered in
>> zopeapp.zcml, so it will affect production. The rest will only affect
>> tests and development, so I'm less concerned in this regard.
>>
>> zope.publisher's update I guess is worth a look, actually. But that's
>> the only other one I see.
>>
>
> http://
> configure.zcml and the current version, so nothing to worry about, I
> think?
Agreed, thanks.
> palAnnotations could subclass UserDict.UserDict dPrincipal, but then I got paste.ubuntu. com/467401/
>
>>> - FWIW, LaunchpadPrinci
>>>> and be shortened to the __init__ plus a call to the shared constructor
>>>> and the interface declarations. Do it if you want.
>>>
>>> I'm all for it!
>>>
>>> Also, I thought I could make apidoc.lp.dev work for anonymous users by
>>> just registering an adapter like the above for
>>> IUnauthenticate
>>> http://
>>
>> Meh, digging into it just a bit, I see that preference group thing is
>> doing somewhat unusual security dances. I wouldn't be all that
>> surprised if that LocationError were actually hiding a
>> ForbiddenAttribute on a value that should be there, but maybe I'm
>> wrong.
>>
>>> I'm thinking that it may be better to actually require a logged-in user
>>> to use apidoc.lp.dev and ask them to login in case they're not, just
>>> like we do on other launchpad.AnyPerson pages. What do you think?
>>
>> Since this is only for devel instances, in the abstract there's no
>> reason not to expose this for anonymous users that I see. That will
>> also make it easier to make a static version of the apidoc, which I
>> think is part of the plan.
>
> Agreed. All I wanted was to make sure we require people to login as
> early as possible so that they don't see these obscure errors that one
> has no idea can be worked around just by logging in.
>
>>
>> If you want me to look into the traceback further just ask.
>
> I'd really appreciate as I wouldn't know where to start. Just some
> pointers so I can get started would be great.
I was skeptical of the way you were using object and UserDict together--that doesn't make UserDict a new-style class, so it doesn't play the "super" game. This fixes the traceback for unauthenticated users, and is generally more correct:
=== modified file 'lib/canonical/ launchpad/ webapp/ authentication. py' launchpad/ webapp/ authentication. py 2010-07-22 09:12:46 +0000 launchpad/ webapp/ authentication. py 2010-07-23 14:54:07 +0000
--- lib/canonical/
+++ lib/canonical/
@@ -326,12 +326,12 @@
# zope.app.apidoc expects our principals to be adaptable into IAnnotations, so palAnnotations( object, UserDict): palAnnotations( UserDict) : (IAnnotations) ILaunchpadPrinc ipal, IPreferenceGroup)
# we use these dummy adapters here just to make that code not OOPS.
-class TemporaryPrinci
+class TemporaryPrinci
implements
adapts(
def __init__(self, principal, pref_group): PrincipalAnnota tions, self).__init__() __init_ _(self)
- super(Temporary
+ UserDict.
class TemporaryUnauth enticatedPrinci palAnnotations(