[Zope-DB] restricted zsql permissions: there must be an easier
way!
Dieter Maurer
dieter at handshake.de
Thu Jul 22 16:24:49 EDT 2004
> ...
> The ZPT code which generates the error is the following:
>
> <div tal:define=3D"adresses python:container.sql.getAddresses()"
> tal:repeat=3D"address addresses" tal:omit-tag=3D"">
> <strong tal:content=3D"address/attribute1">First attribute in the
> address</strong><br>
> ...
> </div>
>
> being getAddresses() the script with manager/owner proxy role which
> calls the ZSQL method in the restricted folder, and attribute1 one of
> the fields returned by the ZSQL method.
Are you sure that "attribute1" is returned as field from your
Z SQL Method?
The returned objects (both the "Results" object
as well as the individual "record"s objects) are
public and can be accessed without restriction.
I see only one potential explanation:
The "row" does not contain an "attribute1" attribute,
it therefore is acquired and access to this object
is not allowed.
--
Dieter
More information about the Zope-DB
mailing list