Michael R. Schwab wrote:
The issue that I'm facing seems to be Zope's security model. The ZDG's security guide has even specified that object properties that are basic Python types cannot have their permissions set via the usual security.declarePublic() call (this includes 'id', 'meta_type', 'title').
This is true. Yoru options are: 1. setDefaultAccess('deny') and then provide setter and accessor methdos for the attributes in question. 2. I believe setDefaultAccess can be passed a list or function that determines whether an attribute is accessible. You'd have to do some research on this.
I don't want to specify security.setDefaultAccess( 'allow' ) as this would allow access to mutable types within my product from scripts and defeats the purpose of setting a strict default security policy.
Be careful. OFS.SimpleItem.SimpleItem does this anyway, so you'll have to ensure you specifically set the policy in your product. cheers, Chris