[Zope-dev] Re: [ZPT] accessing object attributes from python expression
raises error
Michael R. Bernstein
webmaven@lvcm.com
08 Jan 2002 16:08:12 -0800
On Tue, 2002-01-08 at 14:01, Evan Simpson wrote:
> Michael R. Bernstein wrote:
> >
> > [snip stuff about accessing a browser_id_manager's
> > meta_type from unrestricted code raising an
> > unauthorized exception]
> >
> > Will this be fixed for 2.5 final?
>
>
> That depends. We're currently waiting for feedback on 2.5b3. Depending
> on how that goes, these changes may need to wait for 2.5.1.
Perhaps I am under-estimating how difficult the fix is. I'm assuming
that you simply need to add an appropriate security declaration to the
BrowserIdManager class...
Oh, wait...
meta_type is an attribute, so you can't just do
security.declareProtected(ACCESS_CONTENTS_PERM, 'meta_type')
Hmm...
The id attribute has the getId method, perhaps what's required is a
getMetaType method that can be suitably protected?
This would still be a pretty easy fix:
security.declareProtected(ACCESS_CONTENTS_PERM, 'getMetaType')
def getMetaType(self):
""" """
return self.meta_type
Am I missing something?
Michael Bernstein.