Hi! Steve Alexander wrote:
Are you writing an urgent ad-hoc security update that is important and can't wait until the next official release of your product?
If not, you're writing a "dynamic patch" or "monkey patch", not a hotfix.
I don't want to argue about that. Perhaps Casey Duncan should rename his how-to. ( http://www.zope.org/Members/Caseman/Dynamic_Hotfix )
1.) adding a new Method: Is the following code safe? Or is there a better way to do that?
<code> from Globals import InitializeClass from AccessControl import ClassSecurityInfo from Products.oldProduct import oldClass
def newMethod(self): pass
oldClass.security = ClassSecurityInfo() oldClass.security.declareProtected( 'View', 'newMethod' ) oldClass.newMethod = newMethod
InitializeClass(oldClass) </code>
I think this might wipe out the old security assertions, but I'm not sure.
Tested this. InitializeClass seems to append the new assertions.
2.) override security declaration:
<code> oldClass.security.declareProtected( 'View', 'oldMethod' ) InitializeClass(oldClass) </code>
This code raises a conflict warning and doesn't change the setting. The ZDG says: "it is not legal to declare two conflicting permissions on a method". Why is it illegal? Why will it only accept the first declaration and not override it? Is there an other solution?
I'm surprised that this works, as I would have expected oldClass to have been initialized already. As far as I can remember, initializing a class causes any attributes that are of type ClassSecurityInfo to be processed, then removed from the class.
Sorry. That was not the complete code. I first created a new ClassSecurityInfo for oldClass.
Do you really need to dynamicaly patch to do this?
Just thought there might be an easy solution.
Perhaps instead you can subclass the original class, and then overwrite the name of the original class in its module with your new class.
I'll have a look at this. If it works from a dynamic patch that's all I need. Thanks! Yuppie