Paul Winkler wrote:
On Mon, Mar 10, 2003 at 03:33:18PM -0600, Michael R. Schwab wrote:
(snip)
The second method seems to be the newest and most logical approach. The being exception that the default security access to 'deny' does not permit me to access attributes from my class that are basic Python types such as strings (e.g. meta_type from a DTML Method). I could declare the default security access to 'allow', but that seems inherently dangerous from a security standpoint.
I think what you're looking for is __allow_access_to_unprotected_subobjects__ = 1
Having dug a little further into the bowels of Zope, I don't believe that this will work, even if I had wanted to use it. Setting __allow_access_to_unprotected_subobjects__ to 1 would be overridden by Globals.InitializeClass. In Globals.InitializeClass, there is a check to determine what the default access policy is set to ('allow' or 'deny' via the security.setDefaultAccess() call). If the default access has been set, __allow_access_to_unprotected_subobjects__ is assigned the value of default access ('deny' == 0 and 'allow' == 1). Am I off the mark here?
or, just make declarations on specific attributes:
security.declarePublic('meta_type') self.meta_type = "blah"
Thanks, Michael