If anyone can help me with this, it'd give me more faith in the new security model :-S Right, I have a Python Product Class (lots of bits left out ;-):
class MyProduct(OFS.SimpleItem.SimpleItem): """... """
__ac_permissions__=( ('Use MyProduct' , ('a_method',),('Manager',)), )
a_methodisDocTemp=1
def a_method(self,ignored,md): list = [] for name in self.get_contents(): list.append(DisplayClass(name,self))
return list
The important bits of DisplayClass look like:
class DisplayClass(Globals.Persistent): """ """
__allow_access_to_unprotected_subobjects__=1
meta_type = 'CaseDisplay'
__ac_permissions__=( ('View', ('get_name',),('Anonymous',)), )
...
def get_name(self): return self._name
Now, I have a DTML method which goes like:
<dtml-with an_instance_of_MyProduct> <dtml-in a_method> <B><dtml-var sequence-item html_quote>:</B> <dtml-var get_name><BR> </dtml-in> </dtml-with>
Which _always_ throws up an authentication box when a_method returns anything except an empty list. no matter what username or password I use, that box still appears. What I would like is for the get_name and a_method methods to be mapped to permissions so I can manage access to them using the security tab. How should I do that? BTW, in an attempt to get the method accessible in _some_ way I have tried: - setting __allow_access_to_unprotected_subobjects__=1 in both the MyProduct and DisplayClass classes. - setting get_name__roles__=None in the DisplayClass. - giving every conceivable permission to both the Anonymous and Manager roles in the folder containing the MyProduct instance None of which feel like a good way to go, but nevertheless, none of them worked. The only way I coudl solve the problem was to give the DTML Method the 'Manager' proxy role, then everything worked fine. Why is that? What's _is_ going on? Confused and Frustrated (isn't that always the way with Zope security?!) Chris