Santi Camps wrote at 2004-10-18 12:37 +0200: > ... >I have a persistent object A and a non persistent object B. B has >implicit acquisition. From trusted code I return B.__of__(A). Trying >to access B.meta_type from untrusted code (a ZPT) raises the error. B >has no attribute meta_type, so it should be returned from A using >implicit acquisition. A has all necessary security assertions.
"meta_type" is probably a string. Elementary data types (such as string) do not know anything about acquisition. The code that checks the permissions cannot (easily) determine where it comes from (other than reimplementing acquisition, which would not be a good thing). -- Dieter _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )