Martijn Faassen writes:
I have some issues with using declareProtected() outside product classes (deriving from ObjectManager or SimpleItem). An external method example that _does_ work, taken from the ZDG:
import Globals import Acquisition from AccessControl import ClassSecurityInfo
class Book(Acquisition.Implicit): def __init__(self, title): self._title=title
# Create a SecurityInfo for this class security = ClassSecurityInfo() security.declareObjectPublic()
security.declarePublic('getTitle') def getTitle(self): return self._title
Globals.InitializeClass(Book)
# The actual external method def GetBooks(self): books=[] books.append(Book('King Lear')) books.append(Book('Romeo and Juliet')) books.append(Book('The Tempest')) return books
Now replace the line "security.declarePublic('getTitle')" with something like "security.declareProtected('View', 'getTitle')", and suddenly nobody is allowed to call getTitle() on a Book object anymore. You must acquistion wrap your book objects. Otherwise, Zope's security code is unable to find the permission-role mapping.
Try: return books.__of__(self) Dieter