[Zope-dev] permissions/authorization on non ZClass/product objects

Toby Dickenson tdickenson@geminidataloggers.com
Thu, 03 Aug 2000 09:42:21 +0100


On Wed, 2 Aug 2000 22:41:46 -0400 (EDT), Chris McDonough
<chrism@digicool.com> wrote:

>Karl,
>
>Two things come to mind:
>
>First, make sure you're returning the instances in the context of their
>container, e.g. instead of:
>
>    def returnstuff(self):
>        class foo:
>            pass
>        return foo()
>
>do
>
>    def returnstuff(self):
>        class foo:
>            pass
>        return foo().__of__(self)


If you want to do that, then you need to inherit the acquisition base
class too....

    def returnstuff(self):
        class foo(Acquisition.Implicit):
            pass
        return foo().__of__(self)


>You may also want to try the magic:
>    def returnstuff(self):
>        class foo:
>            __allow_access_to_unprotected_subobjects__ = 1
>            pass
>        return foo().__of__(self)
>
>in the class instances you return if nothing in them needs to be protected
>by permissions in any way.

Using __allow_access_to_unprotected_subobjects__ the object doesnt
_need_ to have a context (although it might be useful for other
things), so you can drop the __of__



Toby Dickenson
tdickenson@geminidataloggers.com