Dario Lopez-Kästen wrote:
Florent Guillaume wrote:
Paul Winkler wrote:
On Fri, Dec 02, 2005 at 04:12:01PM +0100, Jean-Marc Orliaguet wrote:
does zope2 do an access control based on acquisition for public methods, that would be a waste of resources since the answer is always "yes, granted" ?
Well, the thing is, the declaration that makes the method public *has no effect* unless your class participates in acquisition.
That's not true. The objects of this class will be perfectly accessible to a restricted user:
from AccessControl import ClassSecurityInfo class MyStuff(object): security = ClassSecurityInfo() security.declareObjectPublic() security.setDefaultAccess('allow') def foo(self): return 'bar' InitializeClass(MyStuff)
In Zope 2.7.8 I get a segmentation fault when I try to do the above; I also have the following code that manages this for any class (to avoid having to do that for every single class):
def _ZopifyClass(a_class): a_class.security = ClassSecurityInfo() a_class.security.declareObjectPublic() # Segmentation fault security.setDefaultAccess('allow') InitializeClass(a_class)
I cannot swithc to Zope 2.8 because my code runs in PLone 2.05 and it does not work with Zope 2.8.
The segmentation fault occurs in the declareObjectPublic() statement.
Is there a fix for the Zope 2.7 to this problem?
Thanks.
/dario
that's because it does not seem to work with new-style python classes in zope2.7 it works with: class MyStuff: instead of: class MyStuff(object): This is what you would have got: File "/opt/Zope-2.7/lib/python/AccessControl/SecurityInfo.py", line 165, in apply dict['%s__roles__' % name] = access TypeError: object does not support item assignment if you'd run it without the extra call. now, the question is if it's worth the extra effort. /JM