----- Original Message ----- From: "Chris Withers" <chrisw@nipltd.com> To: "Gilles Lenfant" <gilles@pilotsystems.net> Cc: "Toby Dickenson" <tdickenson@geminidataloggers.com>; <zope-dev@zope.org> Sent: Thursday, August 01, 2002 6:18 PM Subject: Re: [Zope-dev] Removing the acquisition wrapper from an object (Python script)
Gilles Lenfant wrote:
manage_permission(self, permission_to_manage, roles=[], acquire=0, REQUEST=None)
Just use this method in an "untrusted" python script on any Zope object, add to it Manager proxy, and you're done.
That method just tweaks the permissions settings. It certainly doesn't let you strip off the acquisition wrappers (and hence security settings).
Please give examples :-)
cheers,
Chris
Chris, There's some misunderstanding: I was formerly looking for a way to get rid of the acquisition wraper of an object from an untrusted python script. Toby Dickenson replied me that aq_base (as opposite to aq_parent) is not part of the acquisition utilities available from an untrusted python script because it "enables to tweak the object's security settings". I replied there are ways to tweak permission settings of an object from a python script with a Manager proxy. I didn't say in any way that it's possible to remove the acquisition wrapper of an object with obj.manage_permission(...) of course :)) That's all ! Now I'm always looking for an alternate way to get rid of the acquisition wrapper and access only the objects own props. TIA --Gilles