[Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4

Tres Seaver tseaver at zope.com
Wed Oct 13 10:04:10 EDT 2004


Stefan H. Holek wrote:
> Note that I found it to be relevant which object I want to acquire 
> (don't ask me why, though).

Because the policy checks the roles on the acquired object?  As Dieter 
points out, 'setDefaultAccess(deny)' should only apply to subobjects 
which do *not* have their own roles.

> E.g. going back to my CMFDefault examples, I *can* acquire 
> portal_workflow and portal_url, but I can *not* acquire 
> portal_membership and acl_users from a denied context. Go figure.
> 
> If I change the test below to "app.wanted = 
> PartlyProtectedSimpleItem3()" the test fails on current 2_7-branch ...

But that test fails on 2.7.2, as well.  My change was actually to the 
implementation of 'guarded_getattr', which is not tested in 
'testZopeSecurityPolicy' (the location of my original patch);  rather, 
its tests are in 'testZopeGuards' (where my second patch applies).

I have not yet been able to write a good test there yet (one which either 
passes on the 2.7 head and fails for 2.7.2, or vice versa).

Tres.
-- 
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com


