[Zope] Security class attribute

Peter Bengtsson peter at fry-it.com
Thu Jan 26 10:26:19 EST 2006 

On 1/26/06, Brian Lloyd <brian at zope.com> wrote:
> The ClassSecurityInfo is a convenience to provide a
> halfway-sane spelling for a lot of ugliness under the
> hood in setting up security.
>
> IntializeClass (among other things) tells the CSI to
> apply itself to the class to set everything up, then it
> gets *removed* from the class.
>
> I can't tell for sure from your code, but I suspect that
> IntializeClass is being called on MyProduct *before* you
> are doing your class augmentation -- if you can defer the
> call until after you hack it, it should work.
>

No, I did the InitializeClass() *after* everything else.
So still no explaination. For what's going on.

> If for some reason you can't defer the call to InitializeClass,
> it should be safe to create another ClassSecurityInfo and apply
> it manually, e.g.:
>
>   class MyProduct(...):
>       security=ClassSecurityInfo()
>
>   <InitializeClass happens...>
>
>   setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
>   xtra = ClassSecurityInfo()
>   xtra.security.declareProtected('View', 'FileManagement.html')
>   xtra.apply(MyProduct)

That's sort of what I've done now. My code looks something like this::

 class MyProduct(...):
     security = ClassSecurityInfo()
     security.declareProtected('View','blabla')
     def blabla():
          pass

 setattr(MyProduct, 'blabla.html', MyProduct.blabla)
 security.declareProtected('View', 'blabla.html')
 security.apply(MyProduct)
 InitializeClass(MyProduct)

...and now everything seems to be happy.

Thanks for the advice.





>
>
> HTH,
>
> Brian Lloyd        brian at zope.com
> V.P. Engineering   540.361.1716
> Zope Corporation   http://www.zope.com
>
>
> > -----Original Message-----
> > From: zope-bounces at zope.org [mailto:zope-bounces at zope.org]On Behalf Of
> > Peter Bengtsson
> > Sent: Thursday, January 26, 2006 9:44 AM
> > To: [Zope]
> > Subject: [Zope] Security class attribute
> >
> >
> > Now in Zope 2.9 I get these warnings::
> >
> >  2006-01-26 14:31:45 WARNING Init Class
> > Products.MyProduct.Homesite.FilesContainer has a security declaration
> > for nonexistent method 'FileManagement'
> >
> > That's understandable because I've coded it like this::
> >
> >  class MyProduct(...):
> >      security=ClassSecurityInfo()
> >      security.declareProtected('View', 'FileManagement.html')
> >
> >  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
> >
> > In other words, I create methods after the class has been defined and
> > squeeze them in manually. Very convenient.
> > To avoid the WARNING message above I thought I could use
> > declareProtected() _after_ the the class has been defined just as with
> > the additional method; but no luck :(
> > I tried this::
> >  class MyProduct(...):
> >      security=ClassSecurityInfo()
> >
> >  setattr(MyProduct, 'FileManagement.html', MyProduct.FileManagement)
> >  MyProduct.security.declareProtected('View', 'FileManagement.html')
> >
> > But I'm getting::
> >
> >  AttributeError: type object 'MyProduct' has no attribute 'security'
> >
> > Which I totally don't understand. To test my sanity I wrote this test
> > script which works fine::
> >
> >  class _Z:
> >     def __init__(self):
> >         self.z = "Z"
> >     def declareProtected(self, *a,**k):
> >         print "++declare something+"
> > def foo():
> >     print "I'm being called"
> >     return _Z()
> > class A:
> >     security=foo()
> >     def __init__(self):
> >         pass
> > A.security.declareProtected("foo")
> > print dir(A)
> >
> > Which works like you'd expect with the followin output::
> >
> >  I'm being called
> >  ++declare something+
> >  ['__doc__', '__init__', '__module__', 'security']
> >
> > What's going on [differently] in Zope? What am I missing?
> >
> >
> >
> >
> >
> > --
> > Peter Bengtsson,
> > work www.fry-it.com
> > home www.peterbe.com
> > hobby www.issuetrackerproduct.com
> > _______________________________________________
> > Zope maillist  -  Zope at zope.org
> > http://mail.zope.org/mailman/listinfo/zope
> > **   No cross posts or HTML encoding!  **
> > (Related lists -
> >  http://mail.zope.org/mailman/listinfo/zope-announce
> >  http://mail.zope.org/mailman/listinfo/zope-dev )
> >
>


--
Peter Bengtsson,
work www.fry-it.com
home www.peterbe.com
hobby www.issuetrackerproduct.com

More information about the Zope mailing list