[Zope-dev] permissions/authorization on non ZClass/product objects

Chris McDonough chrism@digicool.com
Wed, 2 Aug 2000 22:41:46 -0400 (EDT) 

Karl,

Two things come to mind:

First, make sure you're returning the instances in the context of their
container, e.g. instead of:

    def returnstuff(self):
        class foo:
            pass
        return foo()

do

    def returnstuff(self):
        class foo:
            pass
        return foo().__of__(self)

You may also want to try the magic:
    def returnstuff(self):
        class foo:
            __allow_access_to_unprotected_subobjects__ = 1
            pass
        return foo().__of__(self)

in the class instances you return if nothing in them needs to be protected
by permissions in any way.

On 2 Aug 2000, Karl Anderson wrote:

> 
> I'm having trouble with permissions and Python class instances that
> aren't part of the Zope permission mechanism.
> 
> I'm creating plain Python class instances in the Python baseclass of a
> ZClass, and storing them in a list on the baseclass.  The baseclass
> instantiates these instances and appends them to its list.  The class
> is defined in the baseclass .py file.  A method on the baseclass
> returns this list of instances, and I'm iterating over them in DTML
> and looking at their attributes - or trying to.  I get an
> authorization prompt, which always gives me an auth error, even though
> the user can look at the ZClass that's returning the instances.
> 
> I'm able to get around this by registering the plain Python class as a
> base class, subclassing them with a ZClass, and instantiating ZClass
> instances instead of baseclass instances.  It seems like overkill,
> though (and I always thought that instantiating ZClasses in python was
> confusing).  I don't need to expose methods or restrict access, just
> open the attributes to be used as DTML variables.
> 
> Are there ways to do this without making full-fledged ZClasses out of
> my classes?  Are there guidelines in general for using non-Zopish
> subobjects that get used by the publishing process?
> 
> -- 
> Karl Anderson      kra@monkey.org           http://www.pobox.com/~kra/
> 
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>