-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 15 Sep 2004 12:15 pm, Chris McDonough wrote:
On Tue, 2004-09-14 at 21:18, Richard Jones wrote:
On the "proposals" object though, we don't have any delaration for the "secure_url" attribute. If I add one, or a general security.setDefaultAccess("allow"), then the error goes away. This doesn't seem correct to me.
It sure doesn't sound right. Just to be pedantic: You have an object A that has no security assertion for "secure_url". You have an object "B" that does. When you access the aq context a.__of__(b) and ask it for "secure_url" in restricted code, it refuses access. Is that a reasonable characterization or am I reading it wrong?
Yep, that's the situation. It appears to look for the security assertions for "secure_url" on A instead of B. Note that "secure_url" is an attribute of B. Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBR6aJrGisBEHG6TARAgw+AJsFrHNQ7cSs+d4baUjcp6WMznJ83wCfXtVi anfvnB2Gi2xUwQWLVTfoAUk= =BHr1 -----END PGP SIGNATURE-----