[Zope-dev] zope.component.zcml _protectedFactory not protecting?

[Christian Zagrodnick]

Hi,

I'm a little confused by the "permission" attribute on the <adapter> statement.

First of all, a principal not having the set permission still gets the 
adapter. That wouldn't be much of a problem if the adapter was 
securiy-proxied.

The adapter is created with the _protectedFactory:

def _protectedFactory(original_factory, checker):
    # This has to be named 'factory', aparently, so as not to confuse
    # apidoc :(
    def factory(*args):
        ob = original_factory(*args)
        try:
            ob.__Security_checker__ = checker
        except AttributeError:
            ob = Proxy(ob, checker)

        return ob
    factory.factory = original_factory
    return factory


I wonder why the factory only creates a security proxy when it cannot 
assign __Security_checker__ to the adapter. I suppose this is 
intentional?

Regards,
-- 
Christian Zagrodnick

gocept gmbh & co. kg  ·  forsterstrasse 29 · 06112 halle/saale
www.gocept.com · fon. +49 345 12298894 · fax. +49 345 12298891