__ac_permissions__ question - Zope-Dev - Zope lists

newer
RE: [Zope-dev] Re:...

__ac_permissions__ question

older
RE: [Zope-dev] attribute...

Chris Withers

21 Aug 2000 21 Aug '00

2:43 p.m.

If I define the following in an Article class (which subclasses Posting): __ac_permissions__ = Posting.__ac_permissions__ + ( ('View', ['prev_item','next_item','showSummary','desc_items'], ('Anonymous', 'Manager')), ) and Posting.__ac_permissions__ also defines a 'View' permission, which methods are covered? (the ones from Posting, the ones from Article or (hopefully) the union of the two sets of methods) cheers, Chris PS: If it's nto the union, how can I achieve this effect?

Reply

Sign in to reply online Use email software

Show replies by date

Shane Hathaway

21 Aug 21 Aug

2:48 p.m.

New subject: [Zope-dev] Re: __ac_permissions__ question

Chris Withers wrote:

If I define the following in an Article class (which subclasses Posting):

__ac_permissions__ = Posting.__ac_permissions__ + ( ('View', ['prev_item','next_item','showSummary','desc_items'], ('Anonymous', 'Manager')), )

You don't need to concatenate the permissions of the base classes. default__class_init__ will pick them up.

and Posting.__ac_permissions__ also defines a 'View' permission, which methods are covered?

Assertions made on a method in a subclass override the assertions made in the base class. I hope that's clear enough... Shane

Reply

Sign in to reply online Use email software

Chris Withers

3:32 p.m.

New subject: [Zope-dev] Re: __ac_permissions__ question

Shane Hathaway wrote:

...
__ac_permissions__ = Posting.__ac_permissions__ + ( ('View', ['prev_item','next_item','showSummary','desc_items'], ('Anonymous', 'Manager')), )

You don't need to concatenate the permissions of the base classes. default__class_init__ will pick them up.

Now that I've got it in there ;-)

...
and Posting.__ac_permissions__ also defines a 'View' permission, which methods are covered?

Assertions made on a method in a subclass override the assertions made in the base class.

Okay, Posting has the following list of methods for the 'view' permission: ['date_posted','body_len','date_created','time_created','attachment','thread_path','index_html','showBody', 'desc_items','dupString','striptags','tpId','tpURL','this','has_items','thread','title','author','body', 'email','subject'] Now, what I want to do is add the following methods to this list for the Article class which subclasses Posting: ['prev_item','next_item','showSummary','desc_items'] How do I do that? cheers, Chris

Reply

Sign in to reply online Use email software

Shane Hathaway

3:37 p.m.

New subject: [Zope-dev] Re: __ac_permissions__ question

Chris Withers wrote:

Okay, Posting has the following list of methods for the 'view' permission: ['date_posted','body_len','date_created','time_created','attachment','thread_path','index_html','showBody',

'desc_items','dupString','striptags','tpId','tpURL','this','has_items','thread','title','author','body', 'email','subject']

Now, what I want to do is add the following methods to this list for the Article class which subclasses Posting: ['prev_item','next_item','showSummary','desc_items']

How do I do that?

class Article: __ac_permissions__ = ( ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), ) ... etc ... Globals.default__class_init__(Article) This should work as expected. Security assertions are inherited except when overridden. BTW did getSubject() solve your other problem? I'm not sure irc is going to work again. "irc.openprojects.net" seems to be too busy. Shane

Reply

Sign in to reply online Use email software

Chris Withers

6 p.m.

New subject: [Zope-dev] Squishdot and Zope 2.2

Shane Hathaway wrote:

...
How do I do that?

class Article:

__ac_permissions__ = ( ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), )

... etc ...

Globals.default__class_init__(Article)

Okay, I've changed it to that now :-)

BTW did getSubject() solve your other problem?

I don't think I got that bit ;-) The subject issue was solved by mixing RoleManager into posting. Does everything have to have RoleManager mixed in now? :S Then there was the thread[0] intSet issue which was solved with a hacky getThread() method. *grumble* *grumble* why aren't intSet's done properly?! cheers, Chris

Reply

Sign in to reply online Use email software

Shane Hathaway

6:09 p.m.

New subject: [Zope-dev] Re: Squishdot and Zope 2.2

Chris Withers wrote:

Shane Hathaway wrote:

...
...
How do I do that?

class Article:

__ac_permissions__ = ( ('View', ('prev_item', 'next_item', 'showSummary', 'desc_items')), )

... etc ...

Globals.default__class_init__(Article)

Okay, I've changed it to that now :-)

...
BTW did getSubject() solve your other problem?

I don't think I got that bit ;-)

Add a getSubject() method which simply returns the subject, that way you can protect getSubject() without any question of future portability.

The subject issue was solved by mixing RoleManager into posting. Does everything have to have RoleManager mixed in now? :S

Hmm, that worked huh? :-/

Then there was the thread[0] intSet issue which was solved with a hacky getThread() method. *grumble* *grumble* why aren't intSet's done properly?!

Hopefully you got the mail I sent to Brian and CC'd to you. The response is that we need to find a proper solution to the mutability problem rather than open up intSet and BTree to an attack. Actually, in terms of OO purity, using a getThread() method is much better, so what you did is *not* a hack. :-) Shane

Reply

Sign in to reply online Use email software

9382

Age (days ago)

9382

Last active (days ago)

5 comments

2 participants

tags

participants (2)

Chris Withers
Shane Hathaway