[Zope-dev] But I used __ac_permissions__! :S

Chris Withers chrisw@nipltd.com
Fri, 01 Sep 2000 17:00:33 +0100


Brian Lloyd wrote:
> 
> Here's a quick thing to try- if 'subject' is an attribute
> of your Article class, try adding:
> 
> class Article(...):
>   subject__roles__=None
> 
> then restart and see if you still get unauthorized...

yup, I do :-(

And besides, 'subject' is already in __ac_permissions__, as you can see:

(a lot of stuff snipped out though ;-)

    __ac_permissions__ = (
        ('View', ['subject','getThread'], ('Anonymous', 'Manager')),
        )

and I do appropriate Globals.default__class_init__'s...

Man, I really have no idea, and not even any clue where to look.

The big factor seems to be that 'subject' is a string. I had a similar
problem with the SquishFile class with the 'icon' attribute.

When it was a string:

    # protected by 'View' permission
    icon = 'misc_/Squishdot/squishfile_img'

...even though it was a class variable and protected in
__ac_permissions__, I was getting very similar errors to the above...

I was lucky, in that case, because it was a class variable, I could turn
it into a method:

    # protected by 'View' permission
    def icon(self):
        return 'misc_/Squishdot/squishfile_img'

...and, lo and behold, no more security errors from there... :S

Unfortunately, the string attributes in the Article class are instance
attributes, not class attributes, so I can't do the same thing :-(

Any ideas?

cheers,

Chris