[Zope-dev] New Security Rules ... are very frustrating

Chris McDonough chrism@zope.com
Fri, 07 Dec 2001 08:57:28 -0500


You say these rules are new but there have been no intentional changes 
to how security works.  From DTML and scripts, you've always been unable 
to call methods on objects that had no security assertions.  If Y has no 
security assertions, this is the intended behavior.  It worked before? 
In what version of Zope?  And what version are you using now?

Stephan Richter wrote:
> Hello everyone,
> 
> I have a major issue with the new security. Let's say I have class X (a 
> nice Zopish object) and an object Y.
> 
> class X:
> 
>      Y = Y
> 
> Now, I am still able to access Y in an instance of X, like:
> 
> x = X()
> x.Y
> 
> but I am not able to access method do_z() anymore.
> 
> x.Y.do_z()
> 
> BTW, Y is not a nice Zope object but an instance from anywhere. And 
> setting __allow_access_to_unprotected_subobjects__ does not help much 
> either and it should not be the final solution anyway.
> 
> Can anyone help?
> 
> Regards,
> Stephan
> 
> -- 
> Stephan Richter
> CBU - Physics and Chemistry Student
> Web2k - Web Design/Development & Technical Project Management


-- 
Chris McDonough                    Zope Corporation
http://www.zope.org             http://www.zope.com
"Killing hundreds of birds with thousands of stones"
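
Added example, not part of the original thread and not Zope's own code: a simplified Python model of the default-deny rule described in the reply above, where restricted code (DTML, scripts) can only reach an attribute that carries a security assertion. The helper guarded_getattr, the Unauthorized exception, the sample classes and the way the "<name>__roles__" lookup is written are assumptions of this sketch.

```python
# Simplified model of a default-deny attribute check for restricted code.
# Not Zope's implementation: guarded_getattr, Unauthorized and the sample
# classes are hypothetical names used only for this sketch.

class Unauthorized(Exception):
    pass

_MISSING = object()
FLAG = "__allow_access_to_unprotected_subobjects__"

def guarded_getattr(container, name, user_roles=("Anonymous",)):
    """Return container.<name> only if a security assertion permits it."""
    value = getattr(container, name)
    # An assertion is modeled as a '<name>__roles__' attribute on the container:
    # None means public, a tuple lists the roles allowed to use the attribute.
    roles = getattr(container, name + "__roles__", _MISSING)
    if roles is _MISSING:
        # No assertion for this name: allow only if the container itself opts in.
        if getattr(container, FLAG, False):
            return value
        raise Unauthorized(
            f"no security assertion for {name!r} on {type(container).__name__}")
    if roles is None or set(roles) & set(user_roles):
        return value
    raise Unauthorized(f"roles {user_roles} may not access {name!r}")

class PlainY:                      # arbitrary instance "from anywhere"
    def do_z(self):
        return "z"

class DeclaredY(PlainY):           # same behaviour, with an explicit assertion
    do_z__roles__ = None           # declared public

class ManagerY(PlainY):
    do_z__roles__ = ("Manager",)   # restricted to one role

class X:
    Y__roles__ = None              # x.Y itself is declared public
    def __init__(self, y):
        self.Y = y

def call_do_z(x, user_roles=("Anonymous",)):
    """What restricted code effectively does when it evaluates x.Y.do_z()."""
    y = guarded_getattr(x, "Y", user_roles)
    return guarded_getattr(y, "do_z", user_roles)()
```

In this model the opt-in flag is read from the object that owns the attribute being fetched, so each hop of x.Y.do_z() is checked against its own container.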