[Zope-dev] permissions/authorization on non ZClass/product objects

[Karl Anderson]

I'm having trouble with permissions and Python class instances that
aren't part of the Zope permission mechanism.

I'm creating plain Python class instances in the Python baseclass of a
ZClass, and storing them in a list on the baseclass.  The baseclass
instantiates these instances and appends them to its list.  The class
is defined in the baseclass .py file.  A method on the baseclass
returns this list of instances, and I'm iterating over them in DTML
and looking at their attributes - or trying to.  I get an
authorization prompt, which always gives me an auth error, even though
the user can look at the ZClass that's returning the instances.

I'm able to get around this by registering the plain Python class as a
base class, subclassing them with a ZClass, and instantiating ZClass
instances instead of baseclass instances.  It seems like overkill,
though (and I always thought that instantiating ZClasses in python was
confusing).  I don't need to expose methods or restrict access, just
open the attributes to be used as DTML variables.

Are there ways to do this without making full-fledged ZClasses out of
my classes?  Are there guidelines in general for using non-Zopish
subobjects that get used by the publishing process?

-- 
Karl Anderson      kra@monkey.org           http://www.pobox.com/~kra/