[Zope-dev] 2.7 branch: attribute permission problems
Chris McDonough
chrism at plope.com
Tue Sep 14 22:36:08 EDT 2004
> Yep, that's the situation. It appears to look for the security assertions for
> "secure_url" on A instead of B. Note that "secure_url" is an attribute of B.
Yup. IOW, it looks like it used to find the first "secure_url" it could
access and return that, even if there were other acquirable "secure_url"
attrs before that one in the acquisition path. I'm sure the fact that
it ignores any intermediate (but inaccessible) "secure_url" attrs is
what Tres meant by DWIM.
But I'm not sure that he intended for the patch to have this effect.
I'm not even sure why it does have this effect; the "validate" function
is just too byzantine to understand without taking it through the
debugger.
- C
More information about the Zope-Dev
mailing list