Closed pysailor closed 10 years ago
I would like to understand the root cause before we apply this workaround. In what situations will a request not have a PUBLISHED attribute?
The way I understand it, this happens when the "sectors" folder is called (via Acquisition) on the "client" folder. To reproduce, try a URL like http://localhost:8080/Plone/client/sectors
The Zope publisher should still set a PUBLISHED attribute as far as I know. I would like to know under what conditions it does not do that. Only then can we be sure we have the right fix.
I added a failing test to illustrate the problem.
Tracing Zope traversal logic, what happens is this:
- `/plone/client/sectors`: `<SectorContainer at /plone/sectors used for /plone/client>`, as expected.
- The `IBrowserPublisher` adapter is consulted to determine the view. This uses `plone.dexterity.browser.traversal.DexterityPublishTraverse` and returns `(u'@@index_html',)`.
- `@@index_html` view, which results in a `NotFound` exception. This happens because we only have a view for the `NuPloneSkin` layer, which is not present in the client. This is also why `PUBLISHED` is never set on the request.
- `euphorie.client.error.NotFound`.
- `Unauthorized` exception.

I think the right question to ask here is: why does the NotFound view generate an Unauthorized exception?
Poking around with pdb shows this:
You are not allowed to access '@@webhelpers' in this context
- Expression: "nocall:context/@@webhelpers"
- Filename: ... Euphorie/src/euphorie/client/templates/error_notfound.pt
- Location: (line 10: col 58)
- Source: ... /client; webhelpers nocall:context/@@webhelpers">
^^^^^^^^^^^^^^^^^^^^^^^^^^^
I fixed this problem by making the `@@webhelpers` view public, which makes it possible to render the not-found page for anonymous users. This is safe since webhelpers does not expose any non-public information.
This might only affect the OiRA site, but a Euphorie component is involved: For OiRA we have 2 separate URLs, one for the "admin" side, one for the client. The client URL points via virtual hosting to the folder /client.
If you're working in the admin site, you might copy over your current URL (including the sectors folder) to the client, e.g. like this https://client.oiratest.syslab.com/sectors/eu/private-security/
For the user, the request simply times out. The site remains unresponsive after that. In the zope log we get:
Maybe it would be enough to replace this line https://github.com/euphorie/Euphorie/blob/master/src/euphorie/client/authentication.py#L197 with