[Zope] DiskBased products and security

Haim Ashkenazi haim at babysnakes.org
Mon Jun 13 08:43:44 EDT 2005


Hi

I'm following the example of "The Zope Bible" on how to create disk based
products.

after adding the imports, 'InitializeClass(class)' statement and the
'security = ClassSecurityInfo()' statement he recommends two other
statements:

1. __roles__ = () - I didn't understand exactly why but with this
statement I can't access the product either from the ZMI or directly from
the web.

2. security.setDefaultAccess("deny") - I think I understand why we changed
that, but it's causing a lot of problems. If I add 'delareProtected' for
all my methods, I can access certain pages , but with some pages (maybe
ones that's calling methods form base classes or acquisition like
'title_or_id') I still get errors ("Unauthorized: You are not allowed to
access 'title_or_id' in this context"). trying to solve this I started
adding 'declareProtected' for every method I got error for. I gave up
after 3 methods, but it seem to help.

so, I was wondering if something was changed in the security model since
2.5 (the version that the book is about) until 2.7, and is there a place
where it's documented (the zope developer guide is versioned 2.4)?

also, If I'll make sure that every method I have in my module is also
declared as protected, or public, is there a problem with living the
default access as any?

thanx

-- 
Haim




More information about the Zope mailing list