[Zope-dev] Re: [ZPT] accessing object attributes from python expression raises error

Michael R. Bernstein webmaven@lvcm.com
09 Jan 2002 10:12:14 -0800


On Wed, 2002-01-09 at 01:40, Wolfram Kerber wrote:
> 
> From: "Chris McDonough":
> 
> 
> > > meta_type is an attribute, so you can't just do
> > >
> > > security.declareProtected(ACCESS_CONTENTS_PERM, 'meta_type')
> >
> > That's right.
> >
> > > The id attribute has the getId method, perhaps what's required is a
> > > getMetaType method that can be suitably protected?
> > >
> > > This would still be a pretty easy fix:
> > >
> > >     security.declareProtected(ACCESS_CONTENTS_PERM, 'getMetaType')
> > >     def getMetaType(self):
> > >         """ """
> > >         return self.meta_type
> > >
> > > Am I missing something?
> >
> > Nope, that would work.  But I think also:
> >
> > meta_type__roles__ = None
> >
> > .. as a class attr would work as well.
> >
> > I'll try it and let you know if it works.
> 
> security.setDefaultAccess({'meta_type': 1}) should do
> 
> the parameter is what has been __allow_access_to_unprotected_subobjects__,
> that can be a boolean, dictionary or callable

Interesting. I didn't think you could have more than one
setDefaultAccess in a class. If you can, then you can set:

security.setDefaultAccess('deny')
security.setDefaultAccess({'meta_type': 1})

But otherwise, you would have to list all attributes of the class in the
dict of a single statement, wouldn't you?

Michael Bernstein.