Stefan H. Holek wrote:
On 09.10.2004, at 18:04, Tres Seaver wrote:
*By definition*, anybody who has declared 'setDefaultAccess('deny') *wants* the behavior you describe: that declaration says, "unless I give you explicit permission for using a name, refuse."
If Plone has classes which make such assertions, then either the authors *meant* them, or they need to be removed. This is (literally) the same thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in your class.
Plone itself doesn't AFAICS. Third party applications may, like the one I was talking about. The unfortunate coincidence is that these apps work fine with Zope up to 2.7.2.
This would be a good time for those apps to convert to usubg 'getToolByName'. E.g., instead of: tool = context.portal_sometool they should be doing: from Products.CMFCore.utils import getToolByName tool = getToolByName(context, 'portal_sometool') 'getToolByName' already does the Right Thing here, because it uses 'aq_get' to find the tool. Tres. -- =============================================================== Tres Seaver tseaver@zope.com Zope Corporation "Zope Dealers" http://www.zope.com