[Zope-Checkins] CVS: Zope/lib/python/AccessControl - ZopeSecurityPolicy.py:1.22
Shane Hathaway
shane@zope.com
Mon, 9 Jun 2003 12:26:40 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv8842
Modified Files:
ZopeSecurityPolicy.py
Log Message:
Added some explanatory comments.
=== Zope/lib/python/AccessControl/ZopeSecurityPolicy.py 1.21 => 1.22 ===
--- Zope/lib/python/AccessControl/ZopeSecurityPolicy.py:1.21 Tue Oct 1 10:09:46 2002
+++ Zope/lib/python/AccessControl/ZopeSecurityPolicy.py Mon Jun 9 12:26:39 2003
@@ -115,16 +115,22 @@
roles=getattr(container, '__roles__', _noroles)
if roles is _noroles:
+ # Try to acquire __roles__. If it can't be
+ # acquired, the value is unprotected. Deny access
+ # to acquired unprotected values even if they are
+ # in a simple container.
if containerbase is container:
# Container is not wrapped.
roles=_noroles
- if containerbase is not accessedbase: return 0
+ if containerbase is not accessedbase:
+ return 0
else:
# Try to acquire roles
try: roles = container.aq_acquire('__roles__')
except AttributeError:
roles=_noroles
- if containerbase is not accessedbase: return 0
+ if containerbase is not accessedbase:
+ return 0
# We need to make sure that we are allowed to
# get unprotected attributes from the container. We are