Re: [Zope-dev] security.declareProtected doesn't always work?

Dieter Maurer Wed, 02 Jan 2002 14:29:15 -0800

Martijn Faassen writes:
 > I have some issues with using declareProtected() outside product
 > classes (deriving from ObjectManager or SimpleItem). An external method
 > example that _does_ work, taken from the ZDG:
 > 
 > import Globals
 > import Acquisition
 > from AccessControl import ClassSecurityInfo
 > 
 > class Book(Acquisition.Implicit):
 >   def __init__(self, title):
 >     self._title=title
 >     
 >   # Create a SecurityInfo for this class
 >   security = ClassSecurityInfo()
 >   security.declareObjectPublic()
 >   
 >   security.declarePublic('getTitle')
 >   def getTitle(self):
 >     return self._title
 >   
 > Globals.InitializeClass(Book)
 >     
 > # The actual external method
 > def GetBooks(self):
 >   books=[]
 >   books.append(Book('King Lear'))
 >   books.append(Book('Romeo and Juliet'))
 >   books.append(Book('The Tempest'))
 >   return books
 > 
 > Now replace the line "security.declarePublic('getTitle')" with something like
 > "security.declareProtected('View', 'getTitle')", and suddenly nobody is
 > allowed to call getTitle() on a Book object anymore.
You must acquistion wrap your book objects. Otherwise, Zope's
security code is unable to find the permission-role mapping.


Try:

        return books.__of__(self)


Dieter

_______________________________________________
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )

Re: [Zope-dev] security.declareProtected doesn't always work?

Reply via email to