[Zope-dev] Proposal: Align Zope 2 and Zope 3 permissions
Martin Aspeli
optilude+lists at gmail.com
Mon Apr 13 03:18:18 EDT 2009
Dieter Maurer wrote:
> Martin Aspeli wrote at 2009-4-12 18:31 +0800:
>> ....
>> Finally, there is not total parity between Zope 2 security and Zope 3
>> security. Zope 2 cannot protect 'property set', for example.
>
> Since Zope 2.8, Zope 2 could in principle -- and until quite recently
> I thought, it really can: it only fails with the "context" check
> (is the accessed object in the context of the UserFolder authenticating
> the current user). Of course, such checks fail for objects not acquisition
> wrapped. If we let pass this check in such cases, Zope 2 can protect
> property sets.
Not sure I understand you here. How would I declare that 'set' of an
attribute (property) is protected by one permission and 'get' is
protected by another?
Martin
--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
More information about the Zope-Dev
mailing list