[Zope] access problem/security issue

Robert Rottermann robert@redcor.ch
Thu, 6 Jun 2002 08:20:48 +0200


Hi there,
I have a security issue I am not able to solve.

In a product I define a class:

class PersonRecord(persistentRedPMBase):
    #security = ClassSecurityInfo()
    is_group = 0
    is_type = PERSONTYPE
    firstname = ''
    lastname = ''

    uniqueid = None

    def __getitem__(self, key):
        return self.__dict__[key]

    def getUniqueId(self):
        return self.uniqueid

    def setFirstname(self, firstname):
        self.firstname = firstname

    def getFirstname(self):
        return self.firstname

I can create, store and retrieve such records. However, when I try to
access one of its data members I get an access error:
You are not allowed to access setFirstname in this context

What is my mistake?

Thanks for your tips
Robert
