Ticket #11353 (confirmed Bug)
Error rendering classic portlets if unauthorized to access the context
Reported by: | dukebody | Owned by: | dukebody |
---|---|---|---|
Priority: | major | Milestone: | 4.x |
Component: | Website | Version: | 4.0 |
Keywords: | Cc: |
Description
When using a classic portlet, if the logged-in user doesn't have access to the context (content) where the portlet is being rendered, the following error shows up:
2010-12-15 22:55:14 ERROR Zope.SiteErrorLog 1292450114.80.946049153761 http://localhost:5011/plone.org/documentation/kb/scaling-and-performance/tutorial_view Traceback (innermost last): Module ZPublisher.Publish, line 127, in publish Module ZPublisher.mapply, line 77, in mapply Module Products.PDBDebugMode.runcall, line 70, in pdb_runcall Module ZPublisher.Publish, line 47, in call_object Module Shared.DC.Scripts.Bindings, line 324, in __call__ Module Shared.DC.Scripts.Bindings, line 361, in _bindAndExec Module Products.CMFCore.FSPageTemplate, line 240, in _exec Module Products.CMFCore.FSPageTemplate, line 180, in pt_render Module Products.PTProfiler.ProfilerPatch, line 83, in __patched_render__ Module Products.PageTemplates.PageTemplate, line 80, in pt_render Module zope.pagetemplate.pagetemplate, line 113, in pt_render Module zope.tal.talinterpreter, line 271, in __call__ Module zope.tal.talinterpreter, line 343, in interpret Module zope.tal.talinterpreter, line 888, in do_useMacro Module zope.tal.talinterpreter, line 343, in interpret Module zope.tal.talinterpreter, line 533, in do_optTag_tal Module zope.tal.talinterpreter, line 518, in do_optTag Module zope.tal.talinterpreter, line 513, in no_tag Module zope.tal.talinterpreter, line 343, in interpret Module zope.tal.talinterpreter, line 583, in do_setLocal_tal Module zope.tales.tales, line 696, in evaluate - URL: file:/home/dukebody/.buildout/eggs/plonetheme.sunburst-1.0.4-py2.6.egg/plonetheme/sunburst/skins/sunburst_templates/main_template.pt - Line 50, Column 0 - Expression: <PythonExpr plone_view.have_portlets('plone.leftcolumn', view)> - Names: {'container': <PloneSite at /plone.org>, 'context': <UnauthorizedBinding: context>, 'default': <object object at 0xb73d3518>, 'here': <UnauthorizedBinding: context>, 'loop': {}, 'nothing': None, 'options': {'args': ()}, 'repeat': <Products.PageTemplates.Expressions.SafeMapping object at 0x1218eeb4>, 'request': <HTTPRequest, URL=http://localhost:5011/plone.org/documentation/kb/scaling-and-performance/tutorial_view>, 'root': <Application at >, 'template': <FSPageTemplate at /plone.org/tutorial_view used for /plone.org/documentation/kb/scaling-and-performance>, 'traverse_subpath': [], 'user': <SpecialUser 'Anonymous User'>} Module Products.PageTemplates.ZRPythonExpr, line 49, in __call__ - __traceback_info__: plone_view.have_portlets('plone.leftcolumn', view) Module PythonExpr, line 1, in <expression> Module Products.CMFPlone.browser.ploneview, line 295, in have_portlets Module plone.app.layout.globals.layout, line 72, in have_portlets Module plone.portlets.manager, line 48, in visible Module plone.portlets.manager, line 67, in portletsToShow Module plone.memoize.view, line 44, in memogetter Module plone.portlets.manager, line 105, in _lazyLoadPortlets Module plone.app.portlets.manager, line 32, in _dataToPortlet TypeError: attempt to wrap extension method using an object that is not an extension class instance.
The line from p.a.portlets.manager is:
return portlet.__of__(self.context)
If the user doesn't have permission to see the context (e.g. hidden items while anonymous), since this is a Page Template object (RestrictedPython), self.context is a Shared.DC.Scripts.UnauthorizedBinding instance, obviously not subclassing from ExtensionClass and not pluggable into acquisition.
New-style portlets solve this problem with the "available" method, but I think we should fix this if we still want to support classic portlets.
Which kind of check could we don on self.context before trying to wrap the portlet into it?
Change History
comment:1 Changed 5 years ago by aclark
- Owner set to plone-website@…
- Component changed from Infrastructure to Website
comment:2 follow-up: ↓ 3 Changed 5 years ago by davisagli
Can we just explicitly check whether it's an UnauthorizedBinding, and raise Unauthorized in that case?
comment:3 in reply to: ↑ 2 Changed 5 years ago by dukebody
- Owner changed from plone-website@… to dukebody
- Status changed from new to assigned
Replying to davisagli:
Can we just explicitly check whether it's an UnauthorizedBinding, and raise Unauthorized in that case?
Sounds smart. Let's do that.
comment:5 Changed 4 years ago by petschki
- Status changed from assigned to confirmed
- Version set to 4.1
well i get this exception in plone 4.0.10 ... is there any workaround for that?
comment:7 Changed 4 years ago by kleist
Trac follows the DWIM principle (Do What I Mean), and sets automagically version 4.1 :-[
comment:8 Changed 4 years ago by bslash
Re-setting this as 'major', since this is affecting quite large parts of our front-facing documentation on plone.org. The phc_about portlet is a classic portlet, and thus triggers a very unfriendly error for anonymous visitors when some documentation is in the 'obsolete' or 'draft' status. Not very good advertising when our documentation generates errors.
comment:11 Changed 2 years ago by neaj
I just ran into this. Plone 4.2.5