John Hunter wrote at 2005-6-15 14:42 -0500:
... Dieter> Thus, the primary problem is that "mentor" magically Dieter> does not have a "__roles__" attribute or (maybe) that it Dieter> was never expected to be accessed via the Dieter> "FactoryDispatcher".
My classes are all defined through the old ZClass mechanism and I don't see any way to fix the problem on my end. I've added these security assertions and roles when writing pure python products, but do not know how to do it with ZClasses (is it possible?)
Is this a bug in my ZClasses or a zope bug?
I did not yet analyse how ZClass security works. My ZClasses work but I still use Zope 2.7.2 and several security tighening measures in 2.7.3 introduced a lot of problems. Maybe, also for ZClasses... In your product, you have an "mentor_add_permission" and in the "Define permissions tab" of your mentor ZClass, you map "Create class instances" to this (or another existing) permission? -- Dieter