[Zope-dev] Removing the acquisition wrapper from an object (Python script)
Gilles Lenfant
gilles@pilotsystems.net
Thu, 1 Aug 2002 19:38:00 +0200
----- Original Message -----=20
From: "Chris Withers" <chrisw@nipltd.com>
To: "Gilles Lenfant" <gilles@pilotsystems.net>
Cc: "Toby Dickenson" <tdickenson@geminidataloggers.com>; =
<zope-dev@zope.org>
Sent: Thursday, August 01, 2002 6:18 PM
Subject: Re: [Zope-dev] Removing the acquisition wrapper from an object =
(Python script)
> Gilles Lenfant wrote:
> > manage_permission(self, permission_to_manage, roles=3D[], =
acquire=3D0, REQUEST=3DNone)
> >=20
> > Just use this method in an "untrusted" python script on any Zope =
object, add to it Manager proxy, and you're done.
>=20
> That method just tweaks the permissions settings. It certainly doesn't =
let you=20
> strip off the acquisition wrappers (and hence security settings).
>=20
> Please give examples :-)
>=20
> cheers,
>=20
> Chris
>=20
Chris,
There's some misunderstanding:
I was formerly looking for a way to get rid of the acquisition wraper of =
an object from an untrusted python script.
Toby Dickenson replied me that aq_base (as opposite to aq_parent) is not =
part of the acquisition utilities available from an untrusted python =
script because it "enables to tweak the object's security settings".
I replied there are ways to tweak permission settings of an object from =
a python script with a Manager proxy. I didn't say in any way that it's =
possible to remove the acquisition wrapper of an object with =
obj.manage_permission(...) of course :))
That's all !
Now I'm always looking for an alternate way to get rid of the =
acquisition wrapper and access only the objects own props.
TIA
--Gilles