[Zope3-dev] Re: SVN:
Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
- Removed conflicting security declaration for the traversal adapter
that
Philipp von Weitershausen
philipp at weitershausen.de
Thu Aug 10 08:31:31 EDT 2006
Christian Theune wrote:
> Log message for revision 69387:
> - Removed conflicting security declaration for the traversal adapter that
> returns a Session object.
>
>
> Changed:
> U Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
>
> -=-
> Modified: Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> ===================================================================
> --- Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml 2006-08-10 08:24:12 UTC (rev 69386)
> +++ Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml 2006-08-10 12:23:22 UTC (rev 69387)
> @@ -23,7 +23,6 @@
> provides="zope.traversing.interfaces.IPathAdapter"
> factory=".session.Session"
> name="session"
> - permission="zope.Public"
> />
>
> <class class=".session.Session">
Hah! I can't believe that was the problem. It all makes sense now. I
still wonder why the session object was still wrapped in a proxy whose
checker didn't allow anything... seems that such a setup causes the
security machinery to be a little confused? Perhaps the system shouldn't
allow such combinations (adapter security + security of the class)?
Philipp
More information about the Zope3-dev
mailing list