[zope2-tracker] [Bug 142921] Re: security.declareObjectProtected('View') appears to be buggy

Tres Seaver tseaver at palladion.com
Mon Apr 12 07:33:35 EDT 2010


I looked back at this:  basically, the issue here is that using
'security.declareObjectProtected' requires that you *also* set up the
default role-permission mapping using 'setPermissionDefault', e.g.::

    'security.setPermissionDefault('View', ['Anonymous'])

"Local" role bindings are not available to the ClassSecurityInfo object
at startup:  the lazy lookup of those bindings which drives the normal
protection of methods and attributes is driven by the ExtensionClass
attribute getter, and can't work for the "bare" object itself.

** Changed in: zope2
       Status: Incomplete => Invalid

-- 
security.declareObjectProtected('View') appears to be buggy
https://bugs.launchpad.net/bugs/142921
You received this bug notification because you are a member of Zope 2
Developers, which is subscribed to Zope 2.


More information about the zope2-tracker mailing list