[Zope-dev] granting access to a single attribute with declarative security
Michael R. Bernstein
webmaven@lvcm.com
10 Jan 2002 20:11:03 -0800
On Wed, 2002-01-09 at 10:13, Wolfram Kerber wrote:
> >
> > I didn't think you could have more than one
> > setDefaultAccess in a class. If you can, then you can set:
> >
> > security.setDefaultAccess('deny')
> > security.setDefaultAccess({'meta_type': 1})
>
> The last 'setDefaultAccess' statement in a class will define the actual
> behaviour, i.e use only one.
>
> > But otherwise, you would have to list all attributes of the class in the
> > dict of a single statement, wouldn't you?
>
> No, all attributes that aren't in the dict are private.
Thanks, Wolfram. That was very informative.
This will let classes that use declarative security have a deny by
default policy, while still allowing access to certain attributes for
backward compatibility.
Michael Bernstein.