[Zope-dev] Removal of aq_acquire from guarded_getattr
Stefan H. Holek
stefan at epy.co.at
Fri Jan 21 11:51:33 EST 2005
This effectively changes how acquisition works in restricted Python. I
understand this may well be the point <wink>.
Zope sites experiencing seemingly random Unauthorized errors. 
I have added tests to the AccessControl suite on 2.7 branch that
demonstrate the new behavior. Note that all of them pass in Zope 2.7.2.
What it _appears_ to mean is that when a container denies access, the
object security of the acquiree is checked. Therefore, a potential
acquiree (read: _any_ object) must make sure to declareObjectProtected
or it may end up not being acquirable. This is not always the case in
current Zope/CMF/Plone which would explain the Unauthorized errors we
Tres, I am happy to discuss this further once you had a look at the
tests. I also have tests for the CMF in case you want them.
The time has come to start talking about whether the emperor is as well
dressed as we are supposed to think he is. /Pete McBreen/
More information about the Zope-Dev