[Zope-dev] New Security Rules ... are very frustrating
Chris McDonough
chrism@zope.com
Fri, 07 Dec 2001 08:57:28 -0500
You say these rules are new but there have been no intentional changes
to how security works. From DTML and scripts, you've always been unable
to call methods on objects that had no security assertions. If Y has no
security assertions, this is the intended behavior. It worked before?
In what version of Zope? And what version are you using now?
Stephan Richter wrote:
> Hello everyone,
>
> I have a major issue with the new security. Let's say I have class X (a
> nice Zopish object) and an object Y.
>
> class X:
>
> Y = Y
>
> Now, I am still able to access Y in an instance of X, like:
>
> x = X()
> x.Y
>
> but I am not able to access method do_z() anymore.
>
> x.Y.do_z()
>
> BTW, Y is not a nice Zope object but an instance from anywhere. And
> setting __allow_access_to_unprotected_subobjects__ does not help much
> either and it should not be the final solution anyway.
>
> Can anyone help?
>
> Regards,
> Stephan
>
> --
> Stephan Richter
> CBU - Physics and Chemistry Student
> Web2k - Web Design/Development & Technical Project Management
>
>
> _______________________________________________
> Zope-Dev maillist - Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> ** No cross posts or HTML encoding! **
> (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce
> http://lists.zope.org/mailman/listinfo/zope )
--
Chris McDonough Zope Corporation
http://www.zope.org http://www.zope.com
"Killing hundreds of birds with thousands of stones"