security.declarePrivate allows access to all authenticated users
Hi, I got the following class: from AccessControl import ClassSecurityInfo from Products.ZPatterns.Specialists import Specialist import Globals class MyClass(Specialist): security = ClassSecurityInfo() security.declarePrivate('test') def test(self): return 'test' Globals.InitializeClass(MyClass) Foolish old trusting me thought that 'test' would not be accessible from restricted code. And it really isn't accessible to anonymous users, but is freely accessible to all authenticated users. Why? -- -- Itai Tavor -- "Je sautille, donc je suis." -- itai@optusnet.com.au -- - Kermit the Frog -- -- -- -- "If you haven't got your health, you haven't got anything" --
Itai Tavor writes:
I got the following class:
from AccessControl import ClassSecurityInfo from Products.ZPatterns.Specialists import Specialist import Globals
class MyClass(Specialist):
security = ClassSecurityInfo()
security.declarePrivate('test') def test(self): return 'test'
Globals.InitializeClass(MyClass) At least, this is not the normal behaviour.
I have been unable to reproduce this (Zope 2.4CVS). Dieter
participants (2)
-
Dieter Maurer -
Itai Tavor