[Zope3-dev] Protecting class methods
Steve Alexander
steve@cat-box.net
Mon, 14 Jul 2003 23:59:45 +0300
Brad Bollenbach wrote:
> On Mon, Jul 14, 2003 at 11:41:46PM +0300, Steve Alexander wrote:
>
>>>Although it's worth noting in this particular instance (no pun intended)
>>>that you (Sidnei, that is) will probably want to protect instance access
>>>to the .new method as well.
>>
>>Why?
>
>
> Because if he only protects it when called as an attribute of a class
> then the permission checks can be subverted by calling .new as an
> instance method.
If no permission is declared to be required to access the method on an
instance, then that method cannot be accessed on an instance.
The default state is that access to a method or attribute is denied. You
must specifically allow it if you want it to be allowed.
You cannot subvert a classmethod in this way.
--
Steve Alexander