[Zope-dev] Request for amplification on new Product permissions API.

R. David Murray bitz@bitdance.com
Fri, 7 Jul 2000 00:03:23 -0400 (EDT)


OK, I read Brian's excellent HowTo on the 2.2 Product permissions API,
but it unfortunately doesn't give me the answer to my current
2.2 problem (or if it does there's something else I don't know that
is preventing me from figuring it out).

I'm trying to update EMarket to work under 2.2.  EMarket has a
shopper object.  A shopper's current set of potential purchases
is stored on the shopper object in a 'basket' attribute.  What
gets assigned to this attribute is an instance of a 'Basket' class.
It inherits from Persistent and Acquisition.implicit.  (Shopper,
among other things, inherits from OFS.SimpleItem, by the way.)

So, when I access the page that displays the current shopping cart,
under 2.2 I get an unauthorized error when the dtml code
attemps to access an attribute of the basket object.

So, what do I need to do to allow controlled access to this object?
I understand that Shopper, inheriting from SimpleItem, already has
the access to unprotected subobjects flag.  And I'd rather protect
the object correctly, anyway <grin>.  I tried adding an ac_permissions
structure to the class, giving View permission to the attribute
that is throwing the unauthorized error, but that doesn't seem to
have changed the behavior.  Adding the access to subobjects flag
also didn't do anything.  I created a new shopper/basket just in
case the changes don't affect existing objects, but still got the
same unauthorized error.

--RDM