[Zope3-dev] Re: SVN:
Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
- Removed conflicting security declaration for the traversal adapter
that
Christian Theune
ct at gocept.com
Thu Aug 10 08:33:27 EDT 2006
Philipp von Weitershausen wrote:
> Christian Theune wrote:
>> Log message for revision 69387:
>> - Removed conflicting security declaration for the traversal adapter that
>> returns a Session object.
>>
>>
>> Changed:
>> U Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
>>
>> -=-
>> Modified: Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
>> ===================================================================
>> --- Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml 2006-08-10 08:24:12 UTC (rev 69386)
>> +++ Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml 2006-08-10 12:23:22 UTC (rev 69387)
>> @@ -23,7 +23,6 @@
>> provides="zope.traversing.interfaces.IPathAdapter"
>> factory=".session.Session"
>> name="session"
>> - permission="zope.Public"
>> />
>>
>> <class class=".session.Session">
>
> Hah! I can't believe that was the problem. It all makes sense now. I
> still wonder why the session object was still wrapped in a proxy whose
> checker didn't allow anything... seems that such a setup causes the
> security machinery to be a little confused? Perhaps the system shouldn't
> allow such combinations (adapter security + security of the class)?
I agree. This combination should raise a ConflictError IMHO.
The technical problem was that a generated factory method was generated
twice, the second time with the wrong checker attached.
Christian
--
gocept gmbh & co. kg - forsterstraße 29 - 06112 halle/saale - germany
www.gocept.com - ct at gocept.com - phone +49 345 122 9889 7 -
fax +49 345 122 9889 1 - zope and plone consulting and development
More information about the Zope3-dev
mailing list