[Zope-dev] 2.7 branch: attribute permission problems
richard at commonground.com.au
Tue Sep 14 22:18:49 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
On Wed, 15 Sep 2004 12:15 pm, Chris McDonough wrote:
> On Tue, 2004-09-14 at 21:18, Richard Jones wrote:
> > On the "proposals" object though, we don't have any delaration for the
> > "secure_url" attribute. If I add one, or a general
> > security.setDefaultAccess("allow"), then the error goes away. This
> > doesn't seem correct to me.
> It sure doesn't sound right. Just to be pedantic: You have an object A
> that has no security assertion for "secure_url". You have an object "B"
> that does. When you access the aq context a.__of__(b) and ask it for
> "secure_url" in restricted code, it refuses access. Is that a
> reasonable characterization or am I reading it wrong?
Yep, that's the situation. It appears to look for the security assertions for
"secure_url" on A instead of B. Note that "secure_url" is an attribute of B.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Zope-Dev