On 2008-10-15 17:49:30 +0200, Christian Theune <[EMAIL PROTECTED]> said:
> > Why is a ForbiddenAttribute also an AttributeError? Is this intended to > avoid 'information leaks'? > > We found a nasty side-effect together with getattr and annotations: a > user that didn't have read-access to __annotations__ would end up trying > to create the annotations container again and again because getattr(obj > '__annotations__', None) would return None instead of propagating the > ForbiddenAttribute exception. On a proxied object you'd never get an AttributeError but only ForbidenAttribute, wouldn't you? So I think an ForbiddenAttribute as subclass of AttributeError is the right thing. -- Christian Zagrodnick · [EMAIL PROTECTED] gocept gmbh & co. kg · forsterstraße 29 · 06112 halle (saale) · germany http://gocept.com · tel +49 345 1229889 4 · fax +49 345 1229889 1 Zope and Plone consulting and development _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
