[Zope-CMF] New CMF tool has bogus __roles__
Dieter Maurer
dieter@handshake.de
Fri, 1 Feb 2002 20:44:36 +0100
Dan L. Pierson writes:
> I'm working on a new CMF tool to be released at Python 10. When I tried
> to test a the versions broken out of our running site today, I discovered
> that all DTML, etc. access to the tool fails authorization because the
> tool has __roles__ = ().
> ...
> class PostingsTool(UniqueObject, Folder):
> """
> Maintain Squishdot style postings in a Postgresql database.
>
> Since there is no database connection passed at tool creation, the
> first manual action with the tool must be to set a database
> connection
> via the SQL tab. All other tabs and methods are likely to fail or
> be
> useless until that is done.
> """
> id = 'postings_tool'
> meta_type = 'SqSQL Postings Tool'
>
> security = ClassSecurityInfo()
Maybe, the new "deny unless allowed" policy introduced by the "security
jihad"...
There is a proposal (now maybe named "Security Cleanup") that describes
the effect of this change.
A search on the mailing list archives (zope-dev) may also show you
the intense battle in connection with this change.
Add a "security.declareObjectProtected(<your permission>)"
to define the roles.
Dieter