[Zope-dev] disable view on method for ZClass

Tim McLaughlin tim@bcswebservices.net
Thu, 17 May 2001 10:04:19 -0400


OK here's a strange request that I think should be changed on ZClasses (bear
w/ me):

'View' permission should be disablable on a method of a ZClass.  Right now,
it forces 'View' to be mapped to 'View' if one tries to disable it.  The
reason is the event model that I am making available for ZClasses.  One such
event is the "onPropertyChange" which passes (self, propertysheet_id,
changes, REQUEST) to the ZClass method.  This is all well and good except
that the same method can be called TTW, and thus forged.  Worse yet, the
changes param could be forged so that the method has false params.
Disabling the method for TTW calling cleans everything up nicely.

Anybody have any thoughts?  Also, does anybody have any idea where it is
currently getting the default set... I can't seem to find it.

Thanks,
Tim

___________________________________________________________
Tim McLaughlin                     		BCSwebservices.net
Director, Technical Group            	1950 Old Gallows Road
tel:  (703) 790.8081 x111		Suite 201
tim@bcswebservices.net		Vienna, VA 22182
www .bcswebservices. net