Ticket #11353 (confirmed Bug)

Opened 5 years ago

Last modified 2 years ago

Error rendering classic portlets if unauthorized to access the context

Reported by: dukebody
Owned by: dukebody
Priority: major
Milestone: 4.x
Component: Website
Version: 4.0
Keywords:
Cc:

Description

When using a classic portlet, if the logged-in user doesn't have access to the context (content) where the portlet is being rendered, the following error shows up:

2010-12-15 22:55:14 ERROR Zope.SiteErrorLog 1292450114.80.946049153761 http://localhost:5011/plone.org/documentation/kb/scaling-and-performance/tutorial_view
Traceback (innermost last):
  Module ZPublisher.Publish, line 127, in publish
  Module ZPublisher.mapply, line 77, in mapply
  Module Products.PDBDebugMode.runcall, line 70, in pdb_runcall
  Module ZPublisher.Publish, line 47, in call_object
  Module Shared.DC.Scripts.Bindings, line 324, in __call__
  Module Shared.DC.Scripts.Bindings, line 361, in _bindAndExec
  Module Products.CMFCore.FSPageTemplate, line 240, in _exec
  Module Products.CMFCore.FSPageTemplate, line 180, in pt_render
  Module Products.PTProfiler.ProfilerPatch, line 83, in __patched_render__
  Module Products.PageTemplates.PageTemplate, line 80, in pt_render
  Module zope.pagetemplate.pagetemplate, line 113, in pt_render
  Module zope.tal.talinterpreter, line 271, in __call__
  Module zope.tal.talinterpreter, line 343, in interpret
  Module zope.tal.talinterpreter, line 888, in do_useMacro
  Module zope.tal.talinterpreter, line 343, in interpret
  Module zope.tal.talinterpreter, line 533, in do_optTag_tal
  Module zope.tal.talinterpreter, line 518, in do_optTag
  Module zope.tal.talinterpreter, line 513, in no_tag
  Module zope.tal.talinterpreter, line 343, in interpret
  Module zope.tal.talinterpreter, line 583, in do_setLocal_tal
  Module zope.tales.tales, line 696, in evaluate
   - URL: file:/home/dukebody/.buildout/eggs/plonetheme.sunburst-1.0.4-py2.6.egg/plonetheme/sunburst/skins/sunburst_templates/main_template.pt
   - Line 50, Column 0
   - Expression: <PythonExpr plone_view.have_portlets('plone.leftcolumn', view)>
   - Names:
      {'container': <PloneSite at /plone.org>,
       'context': <UnauthorizedBinding: context>,
       'default': <object object at 0xb73d3518>,
       'here': <UnauthorizedBinding: context>,
       'loop': {},
       'nothing': None,
       'options': {'args': ()},
       'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x1218eeb4>,
       'request': <HTTPRequest, URL=http://localhost:5011/plone.org/documentation/kb/scaling-and-performance/tutorial_view>,
       'root': <Application at >,
       'template': <FSPageTemplate at /plone.org/tutorial_view used for /plone.org/documentation/kb/scaling-and-performance>,
       'traverse_subpath': [],
       'user': <SpecialUser 'Anonymous User'>}
  Module Products.PageTemplates.ZRPythonExpr, line 49, in __call__
   - __traceback_info__: plone_view.have_portlets('plone.leftcolumn', view)
  Module PythonExpr, line 1, in <expression>
  Module Products.CMFPlone.browser.ploneview, line 295, in have_portlets
  Module plone.app.layout.globals.layout, line 72, in have_portlets
  Module plone.portlets.manager, line 48, in visible
  Module plone.portlets.manager, line 67, in portletsToShow
  Module plone.memoize.view, line 44, in memogetter
  Module plone.portlets.manager, line 105, in _lazyLoadPortlets
  Module plone.app.portlets.manager, line 32, in _dataToPortlet
TypeError: attempt to wrap extension method using an object that
is not an extension class instance.

The line from p.a.portlets.manager is:

        return portlet.__of__(self.context)

If the user doesn't have permission to see the context (e.g. hidden items while anonymous), since this is a Page Template object (RestrictedPython), self.context is a Shared.DC.Scripts.UnauthorizedBinding instance, obviously not subclassing from ExtensionClass and not pluggable into acquisition.

New-style portlets solve this problem with the "available" method, but I think we should fix this if we still want to support classic portlets.

Which kind of check could we do on self.context before trying to wrap the portlet into it?

Change History

comment:1 Changed 5 years ago by aclark

  • Owner set to plone-website@…
  • Component changed from Infrastructure to Website

comment:2 follow-up: ↓ 3 Changed 5 years ago by davisagli

Can we just explicitly check whether it's an UnauthorizedBinding, and raise Unauthorized in that case?

comment:3 in reply to: ↑ 2 Changed 5 years ago by dukebody

  • Owner changed from plone-website@… to dukebody
  • Status changed from new to assigned

Replying to davisagli:

> Can we just explicitly check whether it's an UnauthorizedBinding, and raise Unauthorized in that case?

Sounds smart. Let's do that.
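The check proposed in comment:2 and agreed to in comment:3, shown as an added sketch that is not part of the ticket or of Plone's code. All classes here are stand-ins so it runs without Zope, and the function names `data_to_portlet_unguarded`, `data_to_portlet_guarded` and `outcome` are hypothetical.

```python
# Stand-in classes so the sketch runs without Zope installed. On a Plone 4
# site the real names would be zExceptions.Unauthorized and
# Shared.DC.Scripts.Bindings.UnauthorizedBinding.
class Unauthorized(Exception):
    """Stand-in for the exception Zope answers with a login challenge."""

class UnauthorizedBinding(object):
    """Stand-in for the placeholder bound to 'context' when access is denied."""
    def __init__(self, name):
        self._name = name
    def __repr__(self):
        return "<UnauthorizedBinding: %s>" % self._name

class Content(object):
    """Stand-in for an acquisition-aware content object."""
    acquisition_aware = True

class ClassicPortlet(object):
    """Stand-in renderer; __of__ imitates the acquisition wrapping failure."""
    def __init__(self, parent=None):
        self.parent = parent
    def __of__(self, parent):
        if not getattr(parent, "acquisition_aware", False):
            raise TypeError("attempt to wrap extension method using an "
                            "object that is not an extension class instance.")
        return ClassicPortlet(parent)

def data_to_portlet_unguarded(portlet, context):
    # Behaviour reported in the ticket: wrap without inspecting the context.
    return portlet.__of__(context)

def data_to_portlet_guarded(portlet, context):
    # Check proposed in comment:2: fail closed with Unauthorized.
    if isinstance(context, UnauthorizedBinding):
        raise Unauthorized("no access to portlet context %r" % (context,))
    return portlet.__of__(context)

def outcome(func, context):
    """Return 'rendered' or the name of the exception func raised."""
    try:
        func(ClassicPortlet(), context)
    except (TypeError, Unauthorized) as exc:
        return type(exc).__name__
    return "rendered"

if __name__ == "__main__":
    for ctx in (Content(), UnauthorizedBinding("context")):  # constructed inputs
        print(ctx.__class__.__name__, outcome(data_to_portlet_unguarded, ctx),
              outcome(data_to_portlet_guarded, ctx))
```

With the guard in place the denied context surfaces as an authorization failure rather than an unhandled TypeError, so the publisher can treat it like any other access denial.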

comment:4 Changed 4 years ago by kleist

Which Plone version please?

comment:5 Changed 4 years ago by petschki

  • Status changed from assigned to confirmed
  • Version set to 4.1

Well, I get this exception in Plone 4.0.10 ... is there any workaround for that?

comment:6 Changed 4 years ago by petschki

  • Version changed from 4.1 to 4.0

comment:7 Changed 4 years ago by kleist

Trac follows the DWIM principle (Do What I Mean), and sets automagically version 4.1 :-[

comment:8 Changed 4 years ago by bslash

Re-setting this as 'major', since this is affecting quite large parts of our front-facing documentation on plone.org. The phc_about portlet is a classic portlet, and thus triggers a very unfriendly error for anonymous visitors when some documentation is in the 'obsolete' or 'draft' status. Not very good advertising when our documentation generates errors.

comment:9 Changed 4 years ago by bslash

  • Priority changed from minor to major

comment:10 Changed 4 years ago by bslash

  • Milestone set to 4.x

comment:11 Changed 2 years ago by neaj

I just ran into this. Plone 4.2.5
