security declarations need acquisition contexts to work AFAIK... maybe you could hack around that by setting (hack!) __allow_access_to_unprotected_subobjects__ = 1 in your APStory class. or you have to make sure you wrap every APStory in the context of a valid zope object with __of__ before you access anything on them. jens On Monday, Sep 16, 2002, at 01:25 US/Eastern, sean.upton@uniontrib.com wrote:
I have been spending a bunch of time pulling my hair out on this one, so any insight that anyone might have would be appreciated.
I have been building a product that takes advantage of a module that I have built to query an external data source (NNTP server for AP wire stories) for items to be imported into a CMF site. The product has an adapter that returns a list of temporary objects to get access at external data. The query method for the adapter that I have set up returns a plain-old list of objects of a custom class; I would like to be able to get access to these objects and their methods with TTW python scripts. However, no matter what security assertions I put into the class for the said objects, I still get something along the line of:
The container has no security assertions. Access to 'Title' of (APStory instance at a6704a0) denied.
I'm not sure if the security assertions are not working because the objects within the list returned by my adapter object have no acquisition context, or if the issue is something different...
So say I have some method (that is itself declared as public) that returns something like this:
[<APStory instance at aaa08b0>, <APStory instance at b2c7168>, <APStory instance at b442a28>, <APStory instance at b1e9a60>, <APStory instance at a8fa7a8>, <APStory instance at a406a28>, <APStory instance at a676f48>]
...without any problems (for example, I can traverse via URL to get this), where each APStory object is a temporary, in-memory list that is just the return value of my function. However, whenever I try to access any of these objects within the list from a TTW python script, I get Access denied. All I really want is to be able to access all the methods of each of these objects without interference from Zope's security mechanism.
I'm totally baffled on this one (I've been through about 4 cups of coffee already on this problem alone). I'm using Zope 2.6a1 with VerboseSecurity installed. Any help or pointers is greatly appreciated.
Sean