Hi I'm following the example of "The Zope Bible" on how to create disk based products.
after adding the imports, 'InitializeClass(class)' statement and the 'security = ClassSecurityInfo()' statement he recommends two other statements: 1. __roles__ = () - I didn't understand exactly why but with this statement I can't access the product either from the ZMI or directly from the web. 2. security.setDefaultAccess("deny") - I think I understand why we changed that, but it's causing a lot of problems. If I add 'delareProtected' for all my methods, I can access certain pages , but with some pages (maybe ones that's calling methods form base classes or acquisition like 'title_or_id') I still get errors ("Unauthorized: You are not allowed to access 'title_or_id' in this context"). trying to solve this I started adding 'declareProtected' for every method I got error for. I gave up after 3 methods, but it seem to help. so, I was wondering if something was changed in the security model since 2.5 (the version that the book is about) until 2.7, and is there a place where it's documented (the zope developer guide is versioned 2.4)? also, If I'll make sure that every method I have in my module is also declared as protected, or public, is there a problem with living the default access as any? thanx -- Haim _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )