Paul Winkler wrote:
On Mon, Mar 10, 2003 at 03:33:18PM -0600, Michael R. Schwab wrote:
I've noted two different methods for declaring security in a class.
(snip)
The second method, which I believe to be the most recent,
that's correct.
The second method seems to be the newest and most logical approach. The exception being that the default security access of 'deny' does not permit me to access attributes from my class that are basic Python types such as strings (e.g. meta_type from a DTML Method). I could declare the default security access to 'allow', but that seems inherently dangerous from a security standpoint.
I think what you're looking for is __allow_access_to_unprotected_subobjects__ = 1
Hmmm... Not quite what I'm looking for. If my class contains mutable attributes such as a list, this could cause a potential security risk.
or, just make declarations on specific attributes:
    security.declarePublic('meta_type')
    self.meta_type = "blah"
I have attempted this previously. Since 'meta_type' is a Python string and not a method, security.declarePublic('meta_type') does not set 'meta_type' to be public. It results in:

    Error Type: Unauthorized
    Error Value: You are not allowed to access meta_type in this context

--
Michael R. Schwab