[Zope] Why no protection for PageTemplateFile?!
Dieter Maurer
dieter@handshake.de
Fri, 25 Jan 2002 22:23:03 +0100
Dirksen writes:
> Here's my class
>
> class Dummy:
> ....
> __roles__ = ['Authenticated', 'Owner', 'Manager']
> p_view = PageTemplateFile('F:/zope2/lib/.../view.zpt', globals())
> d_view = HTMLFile('F:/zope2/lib/.../view.html', globals())
> ....
>
> Globals.InitializeClass(Dummy)
>
> I think I've shut off anonymous access to p_view and d_view. But to my surprise, p_view
> goes unchecked on Zope 2.5.0b4, no authentication at all! (visiting d_view pops up the
> authentication box).
"PageTemplateFile" comes with its own security declaration.
Probably, this overrides the on in the parent.
Dieter