[Zope-dev] 2.7 branch: attribute permission problems
Richard Jones
richard at commonground.com.au
Tue Sep 14 21:18:31 EDT 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[might dupe - sent the first copy of this from the wrong address, sorry!]
I've just upgraded to use the bleeding-edge 2-7 branch (from 2.7.2, running in
py 2.3.3) and I've started getting permission problems with attributes. The
cause appears to be acquired attributes. With VerboseSecurity installed
(note: behaviour not dependent on VS - I checked), I get told:
Error Type: Unauthorized
Error Value: The container has no security assertions. Access to 'secure_url'
of (CG Conference Proposals proposals at 0x41387b40) denied.
The "secure_url" attribute is defined at a much higher object, where we have a
declaration including:
security.setDefaultAccess({'secure_url': 1})
On the "proposals" object though, we don't have any delaration for the
"secure_url" attribute. If I add one, or a general
security.setDefaultAccess("allow"), then the error goes away. This doesn't
seem correct to me.
The relevant change in CVS appears to be:
*** ../../../../Zope-2.7.2/lib/python/AccessControl/ImplPython.py 2004-02-10
17:46:02.000000000 +1100
- --- AccessControl/ImplPython.py 2004-09-15 09:59:41.617423171 +1000
***************
*** 551,560 ****
return v
validate = SecurityManagement.getSecurityManager().validate
- - # Filter out the objects we can't access.
- - if hasattr(inst, 'aq_acquire'):
- - return inst.aq_acquire(name, aq_validate, validate)
- - # Or just try to get the attribute directly.
if validate(inst, inst, name, v):
return v
raise Unauthorized, name
- --- 551,556 ----
The change note being "- Removed DWIM'y attempt to filter
acquired-but-not-aceessible results from 'guarded_getattr'." and I'm not sure
what that means :)
Richard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBR5hnrGisBEHG6TARAuucAJ42D8pU6kuPQ+mBwadqJq8uQbG12gCggN2u
AzBBhs5eCekTdl6bYtyBrCk=
=aUXn
-----END PGP SIGNATURE-----
More information about the Zope-Dev
mailing list