[Zope] Re: security.declarePrivate allows access to all authenticated users

Itai Tavor itai@optusnet.com.au
Wed, 29 Aug 2001 14:46:22 +1000


Forgot to mention: Using Zope 2.3.2.

>Hi,
>
>I got the following class:
>
>from AccessControl import ClassSecurityInfo
>from Products.ZPatterns.Specialists import Specialist
>import Globals
>
>class MyClass(Specialist):
>
>     security = ClassSecurityInfo()
>
>     security.declarePrivate('test')
>     def test(self):
>         return 'test'
>
>Globals.InitializeClass(MyClass)
>
>
>Foolish old trusting me thought that 'test' would not be accessible 
>from restricted code. And it really isn't accessible to anonymous 
>users, but is freely accessible to all authenticated users.
>
>Why?


-- 
--
Itai Tavor                      -- "Je sautille, donc je suis."    --
itai@optusnet.com.au            --               - Kermit the Frog --
--                                                                 --
-- "If you haven't got your health, you haven't got anything"      --