On 2008-10-15 17:49:30 +0200, Christian Theune <[EMAIL PROTECTED]> said:
>
> Why is a ForbiddenAttribute also an AttributeError? Is this intended to
> avoid 'information leaks'?
>
> We found a nasty side-effect together with getattr and annotations: a
> user that didn't have read-access to __annotations__ would end up trying
> to create the annotations container again and again because getattr(obj
> '__annotations__', None) would return None instead of propagating the
> ForbiddenAttribute exception.
On a proxied object you'd never get an AttributeError but only
ForbidenAttribute, wouldn't you? So I think an ForbiddenAttribute as
subclass of AttributeError is the right thing.
--
Christian Zagrodnick · [EMAIL PROTECTED]
gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany
http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1
Zope and Plone consulting and development
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )