You say these rules are new but there have been no intentional changes to how security works. From DTML and scripts, you've always been unable to call methods on objects that had no security assertions. If Y has no security assertions, this is the intended behavior. It worked before? In what version of Zope? And what version are you using now? Stephan Richter wrote:
Hello everyone,
I have a major issue with the new security. Let's say I have class X (a nice Zopish object) and an object Y.
class X:
Y = Y
Now, I am still able to access Y in an instance of X, like:
x = X() x.Y
but I am not able to access method do_z() anymore.
x.Y.do_z()
BTW, Y is not a nice Zope object but an instance from anywhere. And setting __allow_access_to_unprotected_subobjects__ does not help much either and it should not be the final solution anyway.
Can anyone help?
Regards, Stephan
-- Stephan Richter CBU - Physics and Chemistry Student Web2k - Web Design/Development & Technical Project Management
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
-- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones"