4 Oct
2000
4 Oct
'00
6:27 p.m.
At 12:27 PM 10/4/00 -0400, Brian Lloyd wrote:
I've verified (any of my previous comments to the contrary) that simple attributes (python types) do not really play in the permissions machinery. The canonical way to expose such things for now is to expose them through method calls (which can play in the permissions scheme).
IIRC, this stuff got broken by the switch to the new security machinery. ZopeSecurityPolicy doesn't check 'foo__roles__' on the parent object the way ZPublisher does/did.