Richard, Would you be able to write a short test case that demonstrates the failure mode that you're seeing in your existing code? It would be nice to understand the failure before blindly reenabling the old behavior because it really is DWIM. Thanks! - C On Tue, 2004-09-14 at 21:18, Richard Jones wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
[might dupe - sent the first copy of this from the wrong address, sorry!]
I've just upgraded to use the bleeding-edge 2-7 branch (from 2.7.2, running in py 2.3.3) and I've started getting permission problems with attributes. The cause appears to be acquired attributes. With VerboseSecurity installed (note: behaviour not dependent on VS - I checked), I get told:
Error Type: Unauthorized Error Value: The container has no security assertions. Access to 'secure_url' of (CG Conference Proposals proposals at 0x41387b40) denied.
The "secure_url" attribute is defined at a much higher object, where we have a declaration including:
security.setDefaultAccess({'secure_url': 1})
On the "proposals" object though, we don't have any delaration for the "secure_url" attribute. If I add one, or a general security.setDefaultAccess("allow"), then the error goes away. This doesn't seem correct to me.
The relevant change in CVS appears to be:
*** ../../../../Zope-2.7.2/lib/python/AccessControl/ImplPython.py 2004-02-10 17:46:02.000000000 +1100 - --- AccessControl/ImplPython.py 2004-09-15 09:59:41.617423171 +1000 *************** *** 551,560 **** return v
validate = SecurityManagement.getSecurityManager().validate - - # Filter out the objects we can't access. - - if hasattr(inst, 'aq_acquire'): - - return inst.aq_acquire(name, aq_validate, validate) - - # Or just try to get the attribute directly. if validate(inst, inst, name, v): return v raise Unauthorized, name - --- 551,556 ----
The change note being "- Removed DWIM'y attempt to filter acquired-but-not-aceessible results from 'guarded_getattr'." and I'm not sure what that means :)
Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBR5hnrGisBEHG6TARAuucAJ42D8pU6kuPQ+mBwadqJq8uQbG12gCggN2u AzBBhs5eCekTdl6bYtyBrCk= =aUXn -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )