[Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

Tres Seaver tseaver at zope.com
Sat Oct 9 12:04:19 EDT 2004


Stefan H. Holek wrote:
> While testing a large-ish customer project under Zope 2.7.3 we found that
> when an object with setDefaultAccess('deny') is used as the context for
> a PythonScript, the script can no longer acquire tools from the portal
> root.

*By definition*, anybody who has declared 'setDefaultAccess('deny')' 
*wants* the behavior you describe:  that declaration says, "unless I 
give you explicit permission for using a name, refuse."

If Plone has classes which make such assertions, then either the authors 
*meant* them, or they need to be removed.  This is (literally) the same 
thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in 
your class.

You could still acquire explicit objects from above, e.g.:

   - Make the class derive from Acquisition.Explicit (might not be
     necessary;  I can't recall whether the 'Acquired' bit works also
     for Acquisition.Implicit instances).

   - For each attribute you want to acquire, add 'foo = Acquired()',
     to the class

   - Make security assertions about each attribute.

> Because a test says more than a thousand words, I added one to CMFDefault.

Your test doesn't really belong in CMF, as you are arguing that the 
current implementation in Zope is broken.

Please *don't* check such a test in on the HEAD (or branch head) until 
after this discussion is resolved.

> To reproduce:
> - get Zope-2_7-branch
> - get CMF-1_4-branch
> - run tests of CMFDefault, notably test_RestrictedAcquisition.py
> 
> Rolling back this checkin restores functionality:
> http://mail.zope.org/pipermail/zope-checkins/2004-August/028152.html
> 
> Note that I was unable to reproduce the issue with CMF 1.5 (or plain
> Zope, for that matter). What has changed? Beats me! Note that this
> issue has the potential to break each and every Plone site out there.
> 
> Ultimately, I feel that unless there is a *very* good reason for
> removing the aq_acquire call from cAccessControl/ImplPython it should
> be restored.

Thank you for making the case reproducible;  Richard Jones had reported 
this issue earlier, but couldn't cut it down to a simple case.  I will 
work on adding tests to AccessControl which make the intent clear (we 
can still argue about whether to keep the change).

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
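The rule Tres states above ("unless I give you explicit permission for using a name, refuse") and the per-name declarations he recommends, as an added example that is not part of the thread and not Zope's own code. It is a plain-Python model of the check order, not Zope's AccessControl: a lookup first consults the `name__roles__` declaration on the context's class, and only when there is none falls back to `__allow_access_to_unprotected_subobjects__` (the attribute InitializeClass writes for setDefaultAccess). The Tool and Portal stand-ins, the three context classes and the user roles are constructed for the demonstration; declareProtected is modelled as an already-resolved role tuple, and the Explicit/Acquired lookup machinery from steps 1 and 2 is not modelled.

```python
# Added example (not from the thread, not Zope code): a plain-Python model of
# why a setDefaultAccess('deny') class refuses acquired tools until each name
# gets its own declaration.  The attribute names name__roles__ and
# __allow_access_to_unprotected_subobjects__ are the ones Zope's
# InitializeClass writes onto a class; everything else here is a stand-in.

_noroles = object()   # sentinel: "no declaration found for this name"


class Unauthorized(Exception):
    """Raised when the model refuses access, like AccessControl.Unauthorized."""


class Tool(object):
    """Stand-in for a portal tool such as portal_url (constructed for the demo)."""
    def __init__(self, tool_id):
        self.id = tool_id


class Portal(object):
    """Stand-in for the portal root that holds the tools (constructed)."""
    def __init__(self):
        self.portal_url = Tool('portal_url')
        self.portal_skins = Tool('portal_skins')


class Wrapper(object):
    """Minimal model of an implicit acquisition wrapper: obj in the context of container."""
    def __init__(self, obj, container):
        self.obj = obj
        self.container = container

    def find(self, name):
        # Implicit acquisition: look on the object itself, then on its container.
        if hasattr(self.obj, name):
            return getattr(self.obj, name)
        return getattr(self.container, name)   # AttributeError if absent everywhere


def guarded_getattr(wrapper, name, user_roles=()):
    """Model of the check a PythonScript's attribute access goes through.

    An explicit declaration on the context's class wins; without one, the
    class-wide default (__allow_access_to_unprotected_subobjects__) decides.
    """
    value = wrapper.find(name)
    cls = type(wrapper.obj)
    roles = getattr(cls, name + '__roles__', _noroles)
    if roles is _noroles:
        # No declaration: setDefaultAccess('deny') put a 0 here, 'allow' a 1.
        if not getattr(cls, '__allow_access_to_unprotected_subobjects__', 0):
            raise Unauthorized(name)
        return value
    if roles is None:                    # declarePublic(name)
        return value
    if set(roles) & set(user_roles):     # declareProtected(perm, name), roles pre-resolved
        return value
    raise Unauthorized(name)


class AllowingContext(object):
    """What setDefaultAccess('allow') leaves on the class (constructed)."""
    __allow_access_to_unprotected_subobjects__ = 1


class DenyingContext(object):
    """setDefaultAccess('deny') with no per-name declarations: acquired tools refused."""
    __allow_access_to_unprotected_subobjects__ = 0


class DeclaringContext(object):
    """Same default-deny, plus the per-name assertions Tres recommends (constructed)."""
    __allow_access_to_unprotected_subobjects__ = 0
    portal_url__roles__ = None             # declarePublic('portal_url')
    portal_skins__roles__ = ('Manager',)   # declareProtected(..., 'portal_skins'), resolved


def probe(context_class, name, user_roles=()):
    """Return 'allowed' or 'unauthorized' for one lookup from a script's context."""
    wrapper = Wrapper(context_class(), Portal())
    try:
        guarded_getattr(wrapper, name, user_roles)
        return 'allowed'
    except Unauthorized:
        return 'unauthorized'


if __name__ == '__main__':
    for ctx in (AllowingContext, DenyingContext, DeclaringContext):
        for tool_name in ('portal_url', 'portal_skins'):
            print('%-17s %-13s %s' % (ctx.__name__, tool_name, probe(ctx, tool_name)))
```

Running the block prints one line per context class and tool name; DenyingContext refuses both tools even though the Wrapper finds them on the Portal, which is the behaviour Stefan's test observed and the one Tres says the declaration asks for. Adding the per-name `__roles__` entries (DeclaringContext) is what restores access, name by name.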

