Martijn Faassen writes:
Dieter Maurer wrote: [snip]
Now replace the line "security.declarePublic('getTitle')" with something like "security.declareProtected('View', 'getTitle')", and suddenly nobody is allowed to call getTitle() on a Book object anymore. You must acquistion wrap your book objects. Otherwise, Zope's security code is unable to find the permission-role mapping.
Try:
return books.__of__(self)
Aah, of course, makes sense. They should put this in the developer's guide! The thing that tripped me up is that it works at all for declarePublic. :) The basic security mechanism uses the attribute "m__roles__" in order to protect "m". If this attribute it "None", then "m" is public. Otherwise, it is expected to be a sequence of roles that are allowed to use "m".
But, "ExtensionsClass" brings with it computed attributes. This allows "m__roles__" to be not a sequence but a method returning a sequence. When you protect "m" with a permission "p", then "m__roles__" is set to "PermissionRole(p)". This instance dynamically evaluates into a sequence of roles by crawling up the "aq_container" (which is correctly "aq_parent" after "aq_inner") chain and translating "p" into roles by interpreting the "permission-to-role" mapping it finds on its way to the application object. Therefore, "declarePublic" works for non-wrapped instances while "declareProtected" requires the wrapping. Dieter