[Zope-dev] 2.7.3 beta attribute permission problems

Dieter Maurer dieter at handshake.de
Mon Oct 18 13:54:59 EDT 2004


Santi Camps wrote at 2004-10-18 12:37 +0200:
> ...
>I have a persistent object A and a non persistent object B.   B has 
>implicit acquisition.   From trusted code I return B.__of__(A).   Trying 
>to access B.meta_type from untrusted code (a ZPT) raises the error.    B 
>has no attribute meta_type, so it should be returned from A using 
>implicit acquisition.  A has all necessary security assertions.

"meta_type" is probably a string.
Elementary data types (such as string) do not know
anything about acquisition.
The code that checks the permissions cannot (easily) determine
where it comes from (other than reimplementing acquisition, which
would not be a good thing).

-- 
Dieter
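
The situation described in this reply, as an added example that is not part of the original message and is not Zope's code: a simplified model in which `Wrapper`, `guarded_getattr`, `origin_aware_getattr` and the `name__roles__` lookup are hypothetical stand-ins for acquisition and the permission check. It shows why an acquired plain string fails the check even though A declares access to it.

```python
class Unauthorized(Exception):
    pass

class A:
    """Parent object (modelled): defines meta_type and a security assertion."""
    meta_type = "Folder A"
    meta_type__roles__ = ("Anonymous",)   # constructed declaration

class B:
    """Wrapped object: no meta_type and no assertions of its own."""

class Wrapper:
    """Stand-in for B.__of__(A): lookups fall through from obj to parent."""
    def __init__(self, obj, parent):
        self.obj, self.parent = obj, parent

    def __getattr__(self, name):
        try:
            return getattr(self.obj, name)
        except AttributeError:
            return getattr(self.parent, name)   # implicit acquisition

def declared_roles(owner, name):
    """Roles declared for `name` on the owner's class, or None if undeclared."""
    return getattr(type(owner), name + "__roles__", None)

def guarded_getattr(wrapper, name, user_roles):
    """Check as untrusted code would trigger it (simplified assumption)."""
    value = getattr(wrapper, name)
    # A str carries no parent pointer or role information, so the checker
    # only knows the object the attribute was requested on: B.
    roles = declared_roles(wrapper.obj, name)
    if roles is None or not set(roles) & set(user_roles):
        raise Unauthorized(name)
    return value

def origin_aware_getattr(wrapper, name, user_roles):
    """The alternative the reply advises against: the checker repeats the
    acquisition walk to find which object supplied the value."""
    for owner in (wrapper.obj, wrapper.parent):
        if hasattr(owner, name):
            roles = declared_roles(owner, name)
            if roles is not None and set(roles) & set(user_roles):
                return getattr(owner, name)
            break
    raise Unauthorized(name)
```

In this model `guarded_getattr(Wrapper(B(), A()), "meta_type", ["Anonymous"])` raises `Unauthorized`, while the origin-aware variant succeeds only by duplicating the lookup order inside the checker.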

