[ZCM] [ZC] 1202/ 3 Comment "setDefaultAccess('deny') vs context"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Tue Jan 27 15:21:30 EST 2004
Issue #1202 Update (Comment) "setDefaultAccess('deny') vs context"
Status Accepted, Zope/bug medium
To followup, visit:
http://collector.zope.org/Zope/1202
==============================================================
= Comment - Entry #3 by tseaver on Jan 27, 2004 3:21 pm
Can you test against the head of the 2.7 branch today? If
our recent checkins have fixed your problem, we would like
to cut a new release candidate tomorrow.
________________________________________
= Accept - Entry #2 by tseaver on Jan 26, 2004 6:04 pm
Status: Pending => Accepted
Supporters added: tseaver
I think I fixed the equivalent problem today for the
2.6 branch; I will be porting the fix to 2.7 and the
head tomorrow.
________________________________________
= Request - Entry #1 by Zen on Jan 23, 2004 7:39 pm
Uploaded: "AccessEg.py"
- http://collector.zope.org/Zope/1202/AccessEg.py/view
If a parent object has tightened security by using security.setDefaultAccess(), child scripts can no longer access their context. The workaround is to do security.setDefaultAccess({'':1}) instead of security.setDefaultAccess('deny'), but this is not yet documented and I'm unsure if this opens security issues.
Should policy.validate(name='') be changed to cope with this situation, or is the fix to document the workaround and require modifications to product source?
This issue has been reported by at least one user other than myself.
I've attached a minimal example.
==============================================================
More information about the Zope-Collector-Monitor
mailing list