[Zope] Zope 2.7.4 - ZClass Permissions Change?

Richard Jones richardjones at optushome.com.au
Mon Jan 17 16:14:17 EST 2005



On Tue, 18 Jan 2005 06:56 am, Jake wrote:
> I have a few ZClass products that no longer allow me to add new objects
> and it is new since Zope2.7b4.
>
> It is happening with a few products like SimpleURL and KnowledgeKit and
> I am getting errors like:
>
> "Unauthorized: You are not allowed to access 'blah' in this context"
>
> It could be a method, a list or ZopeTime.
>
> I looked over the release files and can't find anything on this
> specifically.

There was a change in 2.7.3 that broke a few people's permissions structures. 
The discussion about that kinda petered off with no real resolution, so the 
change is still active in 2.7.4.

Sorry, no handy reference at the moment. The change was in 
AccessControl/ImplPython.py function guarded_getattr. The following change 
"fixed" it for me, though there is concern about the validity of the change:

***************
*** 551,560 ****
              return v

          validate = SecurityManagement.getSecurityManager().validate
+         # Filter out the objects we can't access.
+         if hasattr(inst, 'aq_acquire'):
+             return inst.aq_acquire(name, aq_validate, validate)
+         # Or just try to get the attribute directly.
          if validate(inst, inst, name, v):
              return v
      raise Unauthorized, name
- --- 551,556 ----
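
Review bot: The added `if hasattr(inst, 'aq_acquire')` branch returns `inst.aq_acquire(name, aq_validate, validate)` before the existing `validate(inst, inst, name, v)` check runs, so for any acquisition-wrapped `inst` the value `v` fetched earlier is never validated or returned, and `raise Unauthorized, name` is not reached on that path. Nothing in the hunk ties the object returned by the acquisition lookup to `v`, so the caller may receive a different object than the one the rest of the function was checking. If filtering through acquisition is the intent, the comment should say why returning something other than `v` is acceptable, and the branch should fall through to `raise Unauthorized, name` when nothing passes the filter instead of depending on the lookup to fail. Separately, the `+` lines sit under the `*** 551,560 ****` header while the `--- 551,556 ----` section is empty, so the hunk reads as reversed; regenerating it would let it apply as posted.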



    Richard