[Zope-dev] security.declareProtected doesn't always work?

Martijn Faassen faassen@vet.uu.nl
Sat, 29 Dec 2001 19:38:28 +0100 

Hi there,

I have some issues with using declareProtected() outside product
classes (deriving from ObjectManager or SimpleItem). An external method
example that _does_ work, taken from the ZDG:

import Globals
import Acquisition
from AccessControl import ClassSecurityInfo

class Book(Acquisition.Implicit):
  def __init__(self, title):
    self._title=title
    
  # Create a SecurityInfo for this class
  security = ClassSecurityInfo()
  security.declareObjectPublic()
  
  security.declarePublic('getTitle')
  def getTitle(self):
    return self._title
  
Globals.InitializeClass(Book)
    
# The actual external method
def GetBooks(self):
  books=[]
  books.append(Book('King Lear'))
  books.append(Book('Romeo and Juliet'))
  books.append(Book('The Tempest'))
  return books

Now replace the line "security.declarePublic('getTitle')" with something like
"security.declareProtected('View', 'getTitle')", and suddenly nobody is
allowed to call getTitle() on a Book object anymore.

This doesn't only occur in external method code, but also in product code,
which is where I ran into it. Take for instance this class:

class TOCEntry(Acquisition.Implicit):
    security = ClassSecurityInfo()
    security.declareObjectPublic()
    
    def __init__(self, id):
        self.id = id

    security.declareProtected('View', 'render')
    def render(self):
        """Render entry.
        """
        return self.id

Globals.InitializeClass(TOCEntry)

'render()' can now never be called from a DTML method or a ZPT template,
while using 'security.declarePublic('render') does work.

One gets errors like this:

"""
Error Type: Undefined

Error Value: You are not allowed to access render in this context not found in 'entry/render', at line 8, column 3
"""

which doesn't look very grammatical either. :)

I haven't been able to figure out what causes the difference; classes
that are initialized with Zope don't seem to have this problem, but this little
class does. I've tried inheriting from Persistent or SimpleItem.Item but
that doesn't seem to make any difference..

So what's going on? Am I missing something? If so, where is this documented?

Martijn