    Ferran Llamas
    @lferran

    @bloodbare @vangheem why do we set anonymous users as authenticated?

    https://github.com/plone/guillotina/blob/master/guillotina/traversal.py#L458

    Ramon Navarro Bosch
    @bloodbare
    We don't set as authenticated, we set that the user is Anonymous
    so we can assign permissions to anonymous
    Ferran Llamas
    @lferran

    yup, but that call in turn gives guillotina.Authenticated role to the anonymous user. I'm confused: https://github.com/plone/guillotina/blob/02bf215bf147fb714fe58c6efbda88601715c9b9/guillotina/auth/utils.py#L33

    not sure if I'm missing something, or it's a bug

    Ferran Llamas
    @lferran

    @bloodbare I reproduced the bug here:
    https://github.com/plone/guillotina/pull/744/files

    anonymous users get to call endpoints for which they don't have permissions

    Jordi Collell
    @jordic
    @svx I can also join on a docs sprint. (I had started building some examples without storage), but with raw SQL.
    Ramon Navarro Bosch
    @bloodbare
    @svx I’m also interested 😂 if it’s in BCN
    Jordi Masip
    @masipcat_gitlab
    @svx me too! :P
    Jordi Collell
    @jordic
    hey, just working on integration between guillotina and asyncom, something like:
    
    from guillotina import configure
    from zope.interface import Interface
    from zope.interface import implementer
    from guillotina.component import get_utility
    from guillotina.interfaces import IApplication
    from guillotina.interfaces import IPrincipalPermissionManager
    from guillotina.security.security_code import PrincipalPermissionManager
    from guillotina.auth.users import ANONYMOUS_USER_ID
    from simpleserver.interfaces import IAsyncOm
    from simpleserver.models import Grupo
    from guillotina.events import ApplicationInitializedEvent
    
    
    class IVirtual(Interface):
        pass
    
    
    @implementer(IVirtual)
    class Virtual:
        @property
        def __parent__(self):
            return get_utility(IApplication, "root")
    
        @property
        def db(self):
            return get_utility(IAsyncOm)
    
    
    @configure.adapter(for_=IVirtual, provides=IPrincipalPermissionManager)
    class StaticFileSpecialPermissions(PrincipalPermissionManager):
        def __init__(self, db):
            super(StaticFileSpecialPermissions, self).__init__()
            self.grant_permission_to_principal(
                "guillotina.AccessContent", ANONYMOUS_USER_ID
            )
    
    
    @configure.service(
        method="GET",
        name="@double/{value}",
        context=IVirtual
    )
    async def double(context, request):
        return {"value": int(request.matchdict["value"]) * 2}
    
    
    @configure.service(
        method="GET",
        name="@grupos",
        context=IVirtual
    )
    async def grupo_view(context, request):
        res = await context.db.query(Grupo).limit(100).all()
        return [
            (r.grupo, r.region,) for r in res
        ]
    
    
    @configure.subscriber(
        for_=ApplicationInitializedEvent
    )
    async def on_connect(application):
        db = get_utility(IAsyncOm)
        await db.connect()
    That's assuming there is no db configured
    anyway, perhaps we need to find a way to have both... (asyncom + guillotina storage). Thoughts, ideas... makes sense?
    Jordi Collell
    @jordic
    yeah, I know... I'm reinventing pyramid, but async :)
    Anyway, every sqlalchemy model is tracked in a registry, it's more or less easy to dynamically find models through virtual, and build a generic rest api around it... (Thought sometimes that a generic rpc endpoint is better)
    Jordi Collell
    @jordic
    Could anyone be interested in something like this? guillotina_asyncom (A package that allows to work with guillotina, zca and sqlalchemy with asyncio)
    Jordi Collell
    @jordic
    I'm trying to understand what we are storing for acl on instance props (pickle).. it's just a list, a list of lists.. where can I read about it?
    Ramon Navarro Bosch
    @bloodbare
    @jordic it's a security map, it's in the security folder in G code
    Jordi Collell
    @jordic
    What is stored on _byrow? And what is stored in _bycol?
    Ramon Navarro Bosch
    @bloodbare
    The relations, prinrole, roleperm, prinperm. The security triangle
    Jordi Collell
    @jordic
    Do you know some place where I can read about this? @bloodbare
    Jordi Collell
    @jordic
    After reading a bit more on the docs, it's not clear to me the distinction between these two phrases on docs/security:
    Allow: set on resource and children will inherit
    Deny: set on resource and children will inherit (good way to stop propagation)
    What is the difference between deny and unsetting?
    Jordi Collell
    @jordic
    Got it, perhaps it needs a bit of clarification: deny the permission on an element that has inherited permissions (through parent/children) relationship.
    Ramon Navarro Bosch
    @bloodbare
    @jordic first: happy BDay!!
    @jordic unsetting is removing the setting from the security map. Deny is setting the deny permission
    Jordi Collell
    @jordic
    Thanks!
    Jordi Collell
    @jordic
    @bloodbare btw, I started a new project outside work and I will try to build it with guillotina, asyncom and sqlalchemy.. here's the PR that enables asyncom to work with a connection from guillotina:
    sven
    @svx
    Hi @jordic @bloodbare @masipcat_gitlab Cool ! I added you to the list, I will get back to you as soon as we have more news/ideas about the sprint! :smile: !
    Nathan Van Gheem
    @vangheem
    @/all fyi, plone/guillotina#532 is merged! 6.x is master now and alpha for some time. 5.x branch will be maintained for some time as well. Thank you @masipcat_gitlab for pushing this!
    Jordi Masip
    @masipcat_gitlab
    I'm happy to see the PR on master :-) Time to party!
    Ramon Navarro Bosch
    @bloodbare
    @masipcat_gitlab Task <Task pending coro=<RequestResponseCycle.run_asgi() running at /Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/uvicorn/protocols/http/httptools_impl.py:385> cb=[set.discard()]> got Future <Future pending cb=[Protocol._on_waiter_completed()]> attached to a different loop
    first request with G6
    You are using a insecure secret key in production mode. It is recommended that you provide a more complex value for `jwt.secret` in your config.
    INFO:     Started server process [23997]
    INFO:     Uvicorn running on http://0.0.0.0:8080 (Press CTRL+C to quit)
    INFO:     Waiting for application startup.
    INFO:     Application startup complete.
    ERROR:    Unhandled exception occurred
    Traceback (most recent call last):
      File "/Users/ramon/floss/guillotina/guillotina/traversal.py", line 419, in real_resolve
        resource, tail = await self.traverse(request)
      File "/Users/ramon/floss/guillotina/guillotina/traversal.py", line 539, in traverse
        return await traverse(request, self._root, path)
      File "/Users/ramon/floss/guillotina/guillotina/traversal.py", line 101, in traverse
        context = await tm.get_root(txn=txn)
      File "/Users/ramon/floss/guillotina/guillotina/db/transaction_manager.py", line 63, in get_root
        return await txn.get(ROOT_ID)
      File "/Users/ramon/floss/guillotina/guillotina/db/transaction.py", line 319, in get
        result = await self._get(oid)
      File "/Users/ramon/floss/guillotina/guillotina/db/transaction.py", line 67, in _wrapper
        result = await func(self, *args, **kwargs)
      File "/Users/ramon/floss/guillotina/guillotina/db/transaction.py", line 307, in _get
        return await self._manager._storage.load(self, oid)
      File "/Users/ramon/floss/guillotina/guillotina/db/storages/pg.py", line 810, in load
        objects = await self.get_one_row(txn, sql, oid)
      File "/Users/ramon/floss/guillotina/guillotina/db/storages/pg.py", line 938, in get_one_row
        return await conn.fetchrow(sql, *args)
      File "/Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/connection.py", line 455, in fetchrow
        data = await self._execute(query, args, 1, timeout)
      File "/Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/connection.py", line 1414, in _execute
        query, args, limit, timeout, return_status=return_status)
      File "/Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/connection.py", line 1422, in __execute
        return await self._do_execute(query, executor, timeout)
      File "/Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/connection.py", line 1444, in _do_execute
        result = await executor(stmt, None)
      File "asyncpg/protocol/protocol.pyx", line 196, in bind_execute
    RuntimeError: Task <Task pending coro=<RequestResponseCycle.run_asgi() running at /Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/uvicorn/protocols/http/httptools_impl.py:385> cb=[set.discard()]> got Future <Future pending cb=[Protocol._on_waiter_completed()]> attached to a different loop
    WARNING:  Terminate connection <PoolConnectionProxy <asyncpg.connection.Connection object at 0x120137bb0> 0x120554cd0>
    Traceback (most recent call last):
      File "/Users/ramon/floss/guillotina/guillotina/db/transaction_manager.py", line 128, in _close_txn
        await self._storage.close(txn._db_conn)
      File "/Users/ramon/floss/guillotina/guillotina/db/storages/pg.py", line 799, in close
        await shield(self.pool.release(con, timeout=1))
      File "/Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/pool.py", line 645, in release
        return await asyncio.shield(ch.release(timeout), loop=self._loop)
    RuntimeError: Task <Task pending coro=<Pool.release() running at /Users/ramon/.pyenv/versions/stf-api/lib/python3.7/site-packages/asyncpg/pool.py:645> cb=[shield.<locals>._inner_done_callback() at /Users/ramon/.pyenv/versions/3.7.4/lib/python3.7/asyncio/tasks.py:803]> got Future <Future pending cb=[shield.<locals>._outer_done_callback() at /Users/ramon/.pyenv/versions/3.7.4/lib/python3.7/asyncio/tasks.py:820]> attached to a different loop
    How is it possible that the request Task is attached to a different loop than asyncpg?
    May it be that there is a uvloop engine running and an asyncio engine running?
    Ramon Navarro Bosch
    @bloodbare
    Correct at startup loop is <_UnixSelectorEventLoop running=True closed=False debug=False> and at request time <uvloop.Loop running=True closed=False debug=False>
    Ramon Navarro Bosch
    @bloodbare
    Another question, is it possible that the docs do not work as they depend on aiohttp Test Server?
    Ramon Navarro Bosch
    @bloodbare
    about the loop, definitely uvicorn sets up a new loop after startup (https://github.com/encode/uvicorn/blob/ad4ea90568a42eaa24cc6c597783246de5f35915/uvicorn/main.py#L339)
    Ramon Navarro Bosch
    @bloodbare
    @masipcat_gitlab @vangheem fix ready: plone/guillotina#749
    @masipcat_gitlab with this fix I pass 80% of my tests :) great work!
    btw, the tests were not detecting this blocking bug because we don’t run uvicorn on tests
    Jordi Masip
    @masipcat_gitlab
    @bloodbare If the 20% of failing tests are due to guillotina–elasticsearch I have a branch with a fix
    btw, the tests were not detecting this blocking bug because we don’t run uvicorn on tests
    We could maybe write some integration tests to test g with uvicorn hypercorn
    Ramon Navarro Bosch
    @bloodbare
    @masipcat_gitlab I’m not using ES
    it's mostly due to my code and loops
    Jordi Masip
    @masipcat_gitlab
    OK 👍