[ZCM] [ZC] 1202/ 1 Request "setDefaultAccess('deny') vs context"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Fri Jan 23 19:39:22 EST 2004
Issue #1202 Update (Request) "setDefaultAccess('deny') vs context"
Status Pending, Zope/bug medium
To followup, visit:
http://collector.zope.org/Zope/1202
==============================================================
= Request - Entry #1 by Zen on Jan 23, 2004 7:39 pm
Uploaded: "AccessEg.py"
- http://collector.zope.org/Zope/1202/AccessEg.py/view
If a parent object has tightened security by using security.setDefaultAccess(), child scripts can no longer access their context. The workaround is to do security.setDefaultAccess({'':1}) instead of security.setDefaultAccess('deny'), but this is not yet documented and I'm unsure if this opens security issues.
Should policy.validate(name='') be changed to cope with this situation, or is the fix to document the workaround and require modifications to product source?
This issue has been reported by at least one user other than myself.
I've attached a minimal example.
==============================================================
More information about the Zope-Collector-Monitor
mailing list