[Zope-dev] But I used __ac_permissions__! :S
Chris Withers
chrisw@nipltd.com
Fri, 01 Sep 2000 17:00:33 +0100
Brian Lloyd wrote:
>
> Here's a quick thing to try- if 'subject' is an attribute
> of your Article class, try adding:
>
> class Article(...):
> subject__roles__=None
>
> then restart and see if you still get unauthorized...
yup, I do :-(
And besides, 'subject' is already in __ac_permissions__, as you can see:
(a lot of stuff snipped out though ;-)
__ac_permissions__ = (
('View', ['subject','getThread'], ('Anonymous', 'Manager')),
)
and I do appropriate Globals.default__class_init__'s...
Man, I really have no idea, and not even any clue where to look.
The big factor seems to be that 'subject' is a string. I had a similar
problem with the SquishFile class with the 'icon' attribute.
When it was a string:
# protected by 'View' permission
icon = 'misc_/Squishdot/squishfile_img'
...even though it was a class variable and protected in
__ac_permissions__, I was getting very similar errors to the above...
I was lucky, in that case, because it was a class variable, I could turn
it into a method:
# protected by 'View' permission
def icon(self):
return 'misc_/Squishdot/squishfile_img'
...and, lo and behold, no more security errors from there... :S
Unfortunately, the string attributes in the Article class are instance
attributes, not class attributes, so I can't do the same thing :-(
Any ideas?
cheers,
Chris