[Zope] Can't set security on file objects (bug)

Brian Lloyd Brian@digicool.com
Fri, 25 Feb 2000 09:56:11 -0500


> On Wed, 23 Feb 2000, Michel Pelletier wrote:
> 
> > What's the traceback embeded in the HTML error page?
> > 
> > -Michel
> > 
> 
> 
> Hi Michel
> 
> This is what I get:
> 
> Traceback (innermost last):
>
> <traceback snipped>

Hi guys -

This is (was) a bug. It's apparently been there ever since 
the 'tag' method was added to the Image class. Because Image
and File objects shared their __ac_permissions__ structure
(through subclassing) and the 'tag' method appeared in the 
'View' permission in that structure, setting the View permission
would work for Images but not for File objects (because the 'tag'
method could not be found by the permission setting machinery.

The fix was to make sure each class had its own appropriate 
__ac_permissions__ structure. I've checked this into CVS, so 
if you are tracking CVS you can update the file OFS/Image.py 
to get the change. If not, I can send you the file if it's 
extremely urgent or you can use the Folder permission workaround 
for now. There will probably be a 2.1.5 release at some point 
before 2.2 - the change will be in that, but I can't give you 
a date at the moment.

Hope this helps!


Brian Lloyd        brian@digicool.com
Software Engineer  540.371.6909              
Digital Creations  http://www.digicool.com