Dieter Maurer wrote:
Dieter Maurer wrote
... protecting simple type attributes by roles ...
Patch attached.
I have a small optimization:
if ( # start with inexpensive checks roles is not _noroles or name is None or value is None or container is None # now the expensive ones or hasattr(value,'__roles__') or not hasattr(aq_base(container), name + '__roles__') ):
If we replace "hasattr(value,'__roles__')" above by "hasattr(aq_base(value),'__roles__')", then the (discarded) roles computation becomes a bit cheaper.
I'm going with a bit simpler approach See my upcoming checkin. Basically, I've created a getRoles method to be used instead of "getattr(ob, '__roles__', _noroles)". One issue is that the security polict is not the only place where this special computation needs to be done. Also note that I had to get rid of the validateValue call. It's important that we always pass the name and container to code that needs to get roles. Jim -- Jim Fulton mailto:jim@zope.com Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org