[Zope] DiskBased products and security
Haim Ashkenazi
haim at babysnakes.org
Mon Jun 13 08:43:44 EDT 2005
Hi
I'm following the example of "The Zope Bible" on how to create disk based
products.
after adding the imports, 'InitializeClass(class)' statement and the
'security = ClassSecurityInfo()' statement he recommends two other
statements:
1. __roles__ = () - I didn't understand exactly why but with this
statement I can't access the product either from the ZMI or directly from
the web.
2. security.setDefaultAccess("deny") - I think I understand why we changed
that, but it's causing a lot of problems. If I add 'delareProtected' for
all my methods, I can access certain pages , but with some pages (maybe
ones that's calling methods form base classes or acquisition like
'title_or_id') I still get errors ("Unauthorized: You are not allowed to
access 'title_or_id' in this context"). trying to solve this I started
adding 'declareProtected' for every method I got error for. I gave up
after 3 methods, but it seem to help.
so, I was wondering if something was changed in the security model since
2.5 (the version that the book is about) until 2.7, and is there a place
where it's documented (the zope developer guide is versioned 2.4)?
also, If I'll make sure that every method I have in my module is also
declared as protected, or public, is there a problem with living the
default access as any?
thanx
--
Haim
More information about the Zope
mailing list