Allow for a read only user to execute ruby

[johnnyt]

run
(AllUsers userWithId:'GcUser') symbolList insert:
{ (((AllUsers userWithId:'DataCurator') resolveSymbol: #UserGlobals) value) }
at: 1
%

We added code modification privilege to GcUser.

We are still getting this error:

ERROR 2116 , a SecurityError occurred (error 2116), An attempt was made to modify the object aRubyLocalStaticScope in objectSecurityPolicyId 2 with insufficient authorization. (SecurityError)
topaz 1> exitifnoerror
End of initialization files
topaz 1> where
==> 1 AbstractException >> _outer:with:        (envId 0) @8 line 19
2 AbstractException >> outer               (envId 0) @2 line 19
3 [] in  RubyContext >> evalDashEStrings:  (envId 0) @3 line 17
4 AbstractException >> _executeHandler:    (envId 0) @3 line 8
5 AbstractException >> _signalFromPrimitive: (envId 0) @1 line 1
6 RubyLocalStaticScope >> blockArgLeaf:    (envId 0) @1 line 1
7 [] in  RubySClassNode >> irMethodNode:forClass: (envId 0) @3 line 8
8 [] in  RubyNode >> useScope:during:      (envId 0) @2 line 7
9 ExecBlock >> ensure:                     (envId 0) @2 line 12
10 [] in  RubyNode >> useScope:during:      (envId 0) @6 line 8
11 [] in  RubyNode >> nextLexLevel:         (envId 0) @2 line 6
12 ExecBlock >> ensure:                     (envId 0) @2 line 12
13 RubyNode >> nextLexLevel:                (envId 0) @6 line 7
14 RubyNode >> useScope:during:             (envId 0) @2 line 3
15 [] in  RubySClassNode >> irMethodNode:forClass: (envId 0) @3 line 6
16 [] in  RubyNode >> buildIrMethodNode:    (envId 0) @2 line 9
17 ExecBlock >> ensure:                     (envId 0) @2 line 12
18 RubyNode >> buildIrMethodNode:           (envId 0) @14 line 10
19 RubySClassNode >> irMethodNode:forClass: (envId 0) @2 line 4
20 [] in  RubyCompiler >> compileMethod:inClass:rubyMethod:env:isEval: (envId 0) @2 line 11
21 ExecBlock >> ensure:                     (envId 0) @2 line 12
22 RubyCompiler >> compileMethod:inClass:rubyMethod:env:isEval: (envId 0) @12 line 14
23 [] in  RubyCompiler >> extend:rubyMethod:blk:rtModulePath: (envId 0) @3 line 13
24 ExecBlock >> ensure:                     (envId 0) @2 line 12
25 RubyCompiler >> extend:rubyMethod:blk:rtModulePath: (envId 0) @19 line 16
26 RubyContext class # customize_top_self#1__ (envId 1) @3 line 2
27 GsProcess class >> initRubyMainThread:env: (envId 0) @17 line 13
28 [] in  RubyCompiler >> evaluateString:with:withSelf:binding:fileName:lineNumber:env: (envId 0) @11 line 39
29 ExecBlock >> ensure:                     (envId 0) @2 line 12
30 RubyCompiler >> evaluateString:with:withSelf:binding:fileName:lineNumber:env: (envId 0) @45 line 47
31 [] in  RubyContext >> evalDashEStrings:  (envId 0) @8 line 10
32 ExecBlock >> onException:do:             (envId 0) @2 line 66
33 RubyContext >> evalDashEStrings:         (envId 0) @6 line 15
34 [] in  RubyContext >> runFileNamed:withRubyArgs:withScriptArgs:env: (envId 0) @3 line 22
35 ExecBlock >> valueWithPossibleArgument:  (envId 0) @6 line 6
36 [] in  Collection >> ifEmpty:ifNotEmpty: (envId 0) @2 line 4
37 Boolean >> ifTrue:ifFalse:               (envId 0) @5 line 10
38 Collection >> ifEmpty:ifNotEmpty:        (envId 0) @4 line 3
39 RubyContext >> runFileNamed:withRubyArgs:withScriptArgs:env: (envId 0) @9 line 15
40 RubyContext >> runFileNamed:withRubyArgs:withScriptArgs: (envId 0) @2 line 2
41 Executed Code                                      @10 line 9
42 GsNMethod class >> _gsReturnToC          (envId 0) @1 line 1

[AllenOtis]

I have a fix for this in my checkout. The SecurityError was coming from customize_top_self in bootstrap/RubyContext.rb which is executed at the start of each ruby session . The class<<self construct is not a read-only operation on the IR graph which was generated by the parser. For the case of customize_top_self we can commit a copy of the method dictionary from the top level singleton class after boostrap and manufacture a top level singleton class with Smalltalk code during normal session startup. However general execution of persistently loaded code containing class<< constructs would need a fair amount of work to the IR classes to make that construct operate in a read-only manner .

def self.customize_top_self(top_self) class << top_self def to_s "main" end def inspect "main" end def include(_args) Object.include(_args) end def private(_args) Object.private(_args) end def public(_args) Object.public(_args) end end end