Jean Jordaan wrote at 2005-3-7 16:36 +0200:
Hmf, neither 2.7.5b1 nor zope.org/Zope.Zope-2_7-branch cures the IISet hassle. The traceback is the same as in my original posting.
Looks like I need to move that code out of restricted python.
Elsewhere I also see this:
Unauthorized: Your user account, jean, is defined outside the context of the object being accessed. Access to 'id' of (Reseller instance at 414925c0) denied. Access requires one of the following roles: ['Administrator', 'Manager', 'Supporter'].
The fix for that is to s/id/getId()/
I hope, this does not work (it should not!). "s/id" may be unauthorized (because it is protected by the "ObjectPermission") while "s/getId" may be authorized (because it "getId" can carry its own permission -- different from the "ObjectPermission). But it "s/id" is unauthorized, then "s/id/getId" should be as well (and "s/id/getId()" should be a syntax error -- be more careful in the future!). -- Dieter