[Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeSecurityPolicy.py:1.20
Shane Hathaway
shane@cvs.zope.org
Wed, 21 Aug 2002 15:31:59 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv960
Modified Files:
ZopeSecurityPolicy.py
Log Message:
Brought ZopeSecurityPolicy in line with cAccessControl. aq_base and aq_acquire
are not normally attributes of any object but acquisition wrappers, except in
one important case: if container is a module and that module happens to
import aq_base or aq_acquire from Acquisition, ZopeSecurityPolicy.validate()
does unintended things. This made ModuleSecurityInfo declarations fail when
using the Python policy.
Now we no longer look at aq_base attributes, but rather the acquisition API,
which is what cAccessControl does.
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.19 => 1.20 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.19 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py Wed Aug 21 15:31:59 2002
@@ -89,7 +89,11 @@
return 0
containerbase = aq_base(container)
- accessedbase=getattr(accessed, 'aq_base', container)
+ accessedbase = aq_base(accessed)
+ if accessedbase is accessed:
+ # accessed is not a wrapper, so assume that the
+ # value could not have been acquired.
+ accessedbase = container
############################################################
# If roles weren't passed in, we'll try to get them from the object
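Review bot: The fallback `accessedbase = container` assigns the possibly wrapped container rather than `containerbase`, so when container is a wrapper and accessed is not, the later `containerbase is not accessedbase` test is always true and the check returns 0 on the path where roles cannot be acquired. That matches the old `getattr(accessed, 'aq_base', container)` default, but if the mismatch is intended the new comment should say so; otherwise assign `containerbase` here.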
@@ -111,13 +115,13 @@
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
- aq=getattr(container, 'aq_acquire', None)
- if aq is None:
+ if containerbase is container:
+ # Container is not wrapped.
roles=_noroles
if containerbase is not accessedbase: return 0
else:
# Try to acquire roles
- try: roles=aq('__roles__')
+ try: roles = container.aq_acquire('__roles__')
except AttributeError:
roles=_noroles
if containerbase is not accessedbase: return 0
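Review bot: The rewritten `try:` line puts both the `container.aq_acquire` lookup and the acquisition of `__roles__` under one `except AttributeError`, and it is only safe because `containerbase is container` was false; a one-line comment on the `else:` saying that container is a wrapper at that point would document the invariant next to the existing "Container is not wrapped" comment. Only ZopeSecurityPolicy.py is modified, so a regression test using a module container that imports aq_base or aq_acquire from Acquisition, the case the log message describes, would help keep the Python policy from diverging from cAccessControl again. Spacing is also mixed in this hunk (`roles = container.aq_acquire(...)` beside `roles=_noroles`).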