[Zope3-Users] Security between Context and View

Klaus Bremer klaus.bremer at bmcct.de
Sat May 13 04:07:18 EDT 2006


You can try to bypass the zope security mechanism by using
'removeSecurityProxy':


from zope.security.proxy import removeSecurityProxy

...
def doTransaction(self):
    transaction = removeSecurityProxy(self.context.produceTransaction())
...


hth
-klaus



----Ursprüngliche Nachricht----
am: Fri, 12 May 2006 10:14:29 -0500
von: David Johnson : djohnson at jsatech.com

>I have a view object which calls it's content object to return another
>object.  The view object does not have access to the returned object, and I
>receive a forbidden attribute error.
>
> 
>
>***Content***
>
> 
>
>class Transaction(object):
>
> 
>
>      transid=u''
>
> 
>
>class TransactionFactory(Persistent,Contained):
>
>       
>
>     implements(ITransactionFactory)
>
> 
>
>     def produceTransaction(self):
>
>          transaction = Transaction()
>
>          transaction.transid = 'abcd'
>
>          return transaction
>
> 
>
>***View***
>
> 
>
>class Transaction:
>
> 
>
>      def doTransaction(self):
>
>           transaction = self.context.produceTransaction()
>
>           self.session['transid'] = transaction.transid
>
>           transaction.commit()
>
> 
>
>This generates a forbidden attribute error on
>transaction.Transaction.transid
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
> 
>
>--
>
>David Johnson
>
> 
>
>_______________________________________________
>Zope3-users mailing list
>Zope3-users at zope.org
>http://mail.zope.org/mailman/listinfo/zope3-users




More information about the Zope3-users mailing list