[Zope] security.declarePrivate allows access to all authenticated users
Itai Tavor
itai@optusnet.com.au
Wed, 29 Aug 2001 14:39:04 +1000
Hi,
I got the following class:
from AccessControl import ClassSecurityInfo
from Products.ZPatterns.Specialists import Specialist
import Globals
class MyClass(Specialist):
security = ClassSecurityInfo()
security.declarePrivate('test')
def test(self):
return 'test'
Globals.InitializeClass(MyClass)
Foolish old trusting me thought that 'test' would not be accessible
from restricted code. And it really isn't accessible to anonymous
users, but is freely accessible to all authenticated users.
Why?
--
--
Itai Tavor -- "Je sautille, donc je suis." --
itai@optusnet.com.au -- - Kermit the Frog --
-- --
-- "If you haven't got your health, you haven't got anything" --