"Phillip J. Eby" wrote:
At 12:27 PM 10/4/00 -0400, Brian Lloyd wrote:
I've verified (any of my previous comments to the contrary) that simple attributes (python types) do not really play in the permissions machinery. The canonical way to expose such things for now is to expose them through method calls (which can play in the permissions scheme).
IIRC, this stuff got broken by the switch to the new security machinery. ZopeSecurityPolicy doesn't check 'foo__roles__' on the parent object the way ZPublisher does/did.
It never did. Before the switch to the new policy machinery, most attributes that don't have roles were unprotected. Now, we at least have a way to make some assertions. Jim -- Jim Fulton mailto:jim@digicool.com Python Powered! Technical Director (888) 344-4332 http://www.python.org Digital Creations http://www.digicool.com http://www.zope.org Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email address may not be added to any commercial mail list with out my permission. Violation of my privacy with advertising or SPAM will result in a suit for a MINIMUM of $500 damages/incident, $1500 for repeats.