Yuppie wrote:
Hi!
Writing a hotfix for my product
Are you sure? Are you writing an urgent ad-hoc security update that is important and can't wait until the next official release of your product? If not, you're writing a "dynamic patch" or "monkey patch", not a hotfix.
I have same questions about security declarations. The ZDG doesn't cover this.
1.) adding a new Method: Is the following code safe? Or is there a better way to do that?
<code> from Globals import InitializeClass from AccessControl import ClassSecurityInfo from Products.oldProduct import oldClass
def newMethod(self): pass
oldClass.security = ClassSecurityInfo() oldClass.security.declareProtected( 'View', 'newMethod' ) oldClass.newMethod = newMethod
InitializeClass(oldClass) </code>
I think this might wipe out the old security assertions, but I'm not sure.
2.) override security declaration:
<code> oldClass.security.declareProtected( 'View', 'oldMethod' ) InitializeClass(oldClass) </code>
This code raises a conflict warning and doesn't change the setting. The ZDG says: "it is not legal to declare two conflicting permissions on a method". Why is it illegal? Why will it only accept the first declaration and not override it? Is there an other solution?
I'm surprised that this works, as I would have expected oldClass to have been initialized already. As far as I can remember, initializing a class causes any attributes that are of type ClassSecurityInfo to be processed, then removed from the class. Do you really need to dynamicaly patch to do this? Perhaps instead you can subclass the original class, and then overwrite the name of the original class in its module with your new class. -- Steve Alexander