[Zope] Why no protection for PageTemplateFile?!

Dieter Maurer dieter@handshake.de
Fri, 25 Jan 2002 22:23:03 +0100


Dirksen writes:
 > Here's my class
 > 
 > class Dummy:
 >     ....
 >     __roles__ = ['Authenticated', 'Owner', 'Manager']
 >     p_view = PageTemplateFile('F:/zope2/lib/.../view.zpt', globals())
 >     d_view = HTMLFile('F:/zope2/lib/.../view.html', globals())
 >     ....
 > 
 > Globals.InitializeClass(Dummy)
 > 
 > I think I've shut off anonymous access to p_view and d_view. But to my surprise, p_view
 > goes unchecked on Zope 2.5.0b4, no authentication at all! (visiting d_view pops up the
 > authentication box).
"PageTemplateFile" comes with its own security declaration.

Probably, this overrides the on in the parent.


Dieter