[Zope3-dev] Security: Do not compare symbolic constants with persistent data using "is"
Steve Alexander
steve@cat-box.net
Sat, 16 Feb 2002 22:09:55 +0000
Steve Alexander wrote:
> I've just debugged a tricky problem with the ZopeSecurityPolicy.
>
> The problem was that I was getting spurious Forbidden errors. These
> would go away when I "refreshed" the role-permissions mapping on a
> folder on the acquisition path by saving it in exactly the state it was
> in before.
>
> The problem is that Settings.Allow and Deny are checked by identity
> rather than equality in ZopeSecurityPolicy.
>
> When a string has been pickled and then unpickled, it may be a different
> object, and thus must be compared by equality.

Perhaps an alternative would be to use numbers as the symbolic
constants, rather than strings.

Actually, I'm a bit hazy on the exact rules for identity in Python when
pickling is involved...

--
Steve Alexander
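
The failure described in this thread, reproduced as an added example (not code from the message or from Zope): a constructed role-permission mapping is pickled and reloaded, then checked by identity and by equality. The names ALLOW, DENY, roundtrip, refresh and the two check functions are assumptions standing in for Settings.Allow, Settings.Deny and the policy check; the integer results reflect CPython's small-integer cache, not a language guarantee.

```python
import pickle

# Hypothetical stand-ins for Settings.Allow / Settings.Deny (names assumed).
ALLOW = "Allow"
DENY = "Deny"

def roundtrip(obj):
    """Simulate persistence: pickle the object and load a fresh copy."""
    return pickle.loads(pickle.dumps(obj))

def permitted_by_identity(mapping, role, permission):
    """Buggy check: true only for the exact object bound to ALLOW."""
    return mapping.get((role, permission)) is ALLOW

def permitted_by_equality(mapping, role, permission):
    """Fixed check: true for any stored value equal to ALLOW."""
    return mapping.get((role, permission)) == ALLOW

def refresh(mapping):
    """Re-save every setting using the in-memory constants (the workaround
    in the report): equal values are swapped for the canonical objects."""
    canonical = {ALLOW: ALLOW, DENY: DENY}
    return {key: canonical[value] for key, value in mapping.items()}

def demo():
    """Return the outcome of each check on a constructed role-permission map."""
    fresh = {("Manager", "View"): ALLOW, ("Anonymous", "View"): DENY}
    stored = roundtrip(fresh)  # what comes back from the object database
    small, big = 1, 10 ** 6    # candidate numeric constants
    return {
        "fresh_identity": permitted_by_identity(fresh, "Manager", "View"),
        "stored_identity": permitted_by_identity(stored, "Manager", "View"),
        "stored_equality": permitted_by_equality(stored, "Manager", "View"),
        "refreshed_identity": permitted_by_identity(refresh(stored), "Manager", "View"),
        "deny_equality": permitted_by_equality(stored, "Anonymous", "View"),
        # CPython implementation detail, not a language guarantee: small ints
        # are cached, so identity survives for 1 but not for 10**6.
        "small_int_identity": roundtrip(small) is small,
        "big_int_identity": roundtrip(big) is big,
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The identity check fails closed on reloaded data (a spurious Forbidden), but the same pattern applied to a Deny test would fail open, which is why equality is the safe comparison for persisted settings.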