In the new security model is it just attributes that are methods that are protected or is it all attributes?
All attributes - methods just happen to be the most common case.
Now, would I need body__roles__=None or somethign similar to be able to do: <dtml-var body>
Yes, or (better) associate the name of the attribute with a permission. Brian Lloyd brian@digicool.com Software Engineer 540.371.6909 Digital Creations http://www.digicool.com
Brian Lloyd wrote:
In the new security model is it just attributes that are methods that are protected or is it all attributes?
All attributes - methods just happen to be the most common case.
Ah, okay, that makes life interesting :S (although it does make more sense than just protecting methods ;-)
Now, would I need body__roles__=None or somethign similar to be able to do: <dtml-var body>
Yes, or (better) associate the name of the attribute with a permission.
Hmmm. Hence the problem with properties that meant OFS.Item.SimpleItem had to have __allow_access_to_unprotected_subobjects__=1? Can you not just assign roles to properties as they're created or am I missing something else? Well, related to this: Is there any way I can find out what attribute is trying to be accessed that is raising an exception? I feel like I'm trying to find a needle in a haystack converting Squishdot and I don't want to just wimp out and put __allow_access_to_unprotected_subobjects__=1 in all the classes :S Any ideas? cheers, Chris
participants (2)
-
Brian Lloyd -
Chris Withers