[Zope-dev] Product author's guide to Zope 2.2+ is ready...

[Toby Dickenson]

On Mon, 26 Jun 2000 11:25:51 -0400, Brian Lloyd <Brian@digicool.com>
wrote:

>As promised, I've written up a guide for product authors that 
>talks about the security changes in Zope 2.2+, what they mean 
>to product authors and how to ensure that your products work 
>with 2.2:

Thanks, that is a useful resource.

>http://www.zope.org/Documentation/How-To/ProductAuthorUpdateGuide/index_html

But it has raised some questions......


Firstly, how does the presence of
__allow_access_to_unprotected_subobjects__=1 in a class affect access
to attributes in derived classes? Does it affect the whole instance,
or just attributes of the class that includes it. In the following
example I know subobject_2 is accessible, but what about the others?

class a:
    def subobject_1(self):
	return 1
class b(a):
    __allow_access_to_unprotected_subobjects__=1
    def subobject_2(self):
	return 2
class c:
    def subobject_3(self):
	return 3
class d(b,c):
    def __init__(self):
        self.subobject_4 = 4
    def subobject_5(self):
	return 5


Secondly, I am confused that there have not been any security changes
in ObjectManager.py and PropertyManager.py. As I understand it, the
subobjects that they manage (ie properties and folder items) now fall
into the inaccessible-by-default category. What am I missing?




Toby Dickenson
tdickenson@geminidataloggers.com