On Mon, 26 Jun 2000 11:25:51 -0400, Brian Lloyd <Brian@digicool.com> wrote:
As promised, I've written up a guide for product authors that talks about the security changes in Zope 2.2+, what they mean to product authors and how to ensure that your products work with 2.2:
Thanks, that is a useful resource.
http://www.zope.org/Documentation/How-To/ProductAuthorUpdateGuide/index_html
But it has raised some questions...... Firstly, how does the presence of __allow_access_to_unprotected_subobjects__=1 in a class affect access to attributes in derived classes? Does it affect the whole instance, or just attributes of the class that includes it. In the following example I know subobject_2 is accessible, but what about the others? class a: def subobject_1(self): return 1 class b(a): __allow_access_to_unprotected_subobjects__=1 def subobject_2(self): return 2 class c: def subobject_3(self): return 3 class d(b,c): def __init__(self): self.subobject_4 = 4 def subobject_5(self): return 5 Secondly, I am confused that there have not been any security changes in ObjectManager.py and PropertyManager.py. As I understand it, the subobjects that they manage (ie properties and folder items) now fall into the inaccessible-by-default category. What am I missing? Toby Dickenson tdickenson@geminidataloggers.com