[Zope-dev] Re: Bad interaction between Zope 2.7.3 and CMF 1.4
Stefan H. Holek
stefan at epy.co.at
Sat Oct 9 13:46:12 EDT 2004
On 09.10.2004, at 18:04, Tres Seaver wrote:
>
> *By definition*, anybody who has declared 'setDefaultAccess('deny')
> *wants* the behavior you describe: that declaration says, "unless I
> give you explicit permission for using a name, refuse."
>
> If Plone has classes which make such assertions, then either the
> authors *meant* them, or they need to be removed. This is (literally)
> the same thing as declaring
> '__allow_access_to_unprotected_subobjects__ = 0' in your class.
>
Plone itself doesn't AFAICS. Third party applications may, like the one
I was talking about. The unfortunate coincidence is that these apps
work fine with Zope up to 2.7.2.
I am of the impression that using aq_acquire in guarded_getattr does
the right thing (by accident?). I certainly lack the Fu though.
> Your test doesn't really belong in CMF, as you are arguing that the
> current implemtation in Zope is broken.
>
> Please *don't* check such a test in on the HEAD (or branch head) until
> after this discussion is resolved.
>
Right, but I couldn't make it break anyplace else. Sorry. Feel free to
remove it.
> Thank you for making the case reproducible; Richard Jones had
> reported this issue earlier, but couldn't cut it down to a simple
> case. I will work on adding tests to AccessControl which make the
> intent clear (we can still argue about whether to keep the change).
Thank you!
Stefan
--
The time has come to start talking about whether the emperor is as well
dressed as we are supposed to think he is. /Pete McBreen/
More information about the Zope-Dev
mailing list