[Zope3-dev] Security: Do not compare symbolic constants with persistent data using "is"

Steve Alexander steve@cat-box.net
Sat, 16 Feb 2002 22:09:55 +0000


Steve Alexander wrote:
> I've just debugged a tricky problem with the ZopeSecurityPolicy.
> 
> The problem was that I was getting spurious Forbidden errors. These 
> would go away when I "refreshed" the role-permissions mapping on a 
> folder on the acquisition path by saving it in exactly the state it was 
> in before.
> 
> The problem is that Settings.Allow and Deny are checked by identity 
> rather than equality in ZopeSecurityPolicy.
> 
> When a string has been pickled and then unpickled, it may be a different 
> object, and thus must be compared by equality.

Perhaps an alternative would be to use numbers as the symbolic 
constants, rather than strings.

Actually, I'm a bit hazy on the exact rules for identity in Python when 
pickling is involved...

--
Steve Alexander
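
The behaviour discussed in this thread, as an added example that is not part of the original message and is not Zope's code: a symbolic constant is round-tripped through pickle and then checked by identity and by equality, for strings and for the numeric alternative. The names ALLOW, DENY, ALLOW_SMALL, ALLOW_BIG and the role-permission mapping are hypothetical stand-ins, and the identity results reflect CPython implementation details.

```python
import pickle

# Hypothetical stand-ins for the Allow/Deny symbolic constants in the post.
ALLOW, DENY = "Allow", "Deny"
# Numeric variants, as floated in the reply (values are constructed).
ALLOW_SMALL, ALLOW_BIG = 1, 10**6


def roundtrip(obj):
    """Simulate persistence: what comes back is a freshly built object."""
    return pickle.loads(pickle.dumps(obj))


def allowed_by_identity(setting, constant=ALLOW):
    # The fragile check: true only if both names refer to the same object.
    return setting is constant


def allowed_by_equality(setting, constant=ALLOW):
    # The robust check: compares values, so storage round trips do not matter.
    return setting == constant


def demo():
    # Constructed role-permission mapping, before and after "persistence".
    key = ("Manager", "View")
    fresh = {key: ALLOW}
    stored = roundtrip(fresh)
    return {
        "fresh_identity": allowed_by_identity(fresh[key]),
        "stored_identity": allowed_by_identity(stored[key]),
        "stored_equality": allowed_by_equality(stored[key]),
        # CPython caches small ints, so identity survives only by accident.
        "small_int_identity": allowed_by_identity(roundtrip(ALLOW_SMALL), ALLOW_SMALL),
        "big_int_identity": allowed_by_identity(roundtrip(ALLOW_BIG), ALLOW_BIG),
        "big_int_equality": allowed_by_equality(roundtrip(ALLOW_BIG), ALLOW_BIG),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```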