[Zope-dev] Security Gurus Wanted

Steve Alexander steve@cat-box.net
Fri, 18 Jan 2002 19:53:44 +0000


vio wrote:
 > Could someone have a look at the following 'Boring' class with the
 > security functionality added (as described in ZopeBook/6.Security
 > and some other products). Could 'security' machinery be broken in
 > Zope-2.4.1 ? It surely doesn't seem to work as adverised, on my
 > machine at least (Debian Linux 2.2, Zope 2.4.1 (source release)
 > python 2.1.0, linux2). Tell me if it works on your installation.

 >
 > Boring.py -------------------------------- __doc__ = "" __version__
 > = '0.1' import Globals from Globals import HTMLFile      # fakes a
 > method from a DTML file from Globals import MessageDialog # provid from
 > Globals import Persistent    # makes an object stick in the ZODB import
 > OFS.SimpleItem import Acquisition import AccessControl.Role from
 > AccessControl import ClassSecurityInfo
 >
 > READ_PERM = 'View Stuff' WRITE_PERM = 'Change Stuff' security =
 > ClassSecurityInfo()


You have declared your ClassSecurityInfo object at the module level,
rather than as an attribute of the class you wish to make security
statements about.

Please do not cross-post to both zope@zope.org and zope-dev@zope.org. 
Post to one or the other.

--
Steve Alexander