On 7/14/06, Garito <[EMAIL PROTECTED]> wrote:
Garito escribió: > Dieter Maurer escribió: >> Garito wrote at 2006-7-14 07:04 +0200: >> >>> ... >>> def __bobo_traverse__(self, REQUEST, name): >>> obj = getattr(self, name, None) >>> ... >>> I wonder why I can do this on a Page Template: >>> >>> <tal:b tal:replace='python: here.Texto' /> >>> >>> Where Texto is a adquired property, but not this: >>> >>> <tal:b tal:replace='here/Texto' /> >>> >>> because zope raises an unauthorized error >>> >>> How can I solve this point? >>> >> >> You can wait for the next Zope release (2.10) where this is fixed. >> >> The reason: security for "__bobo_traverse__" is much stricter >> than for attribute lookup: >> >> In the latter case, the security machinery knows that the value >> was obtained by attribute lookup and can apply the security >> declarations of the accessed object. >> >> In the former case, the security machinery does not know >> which object was really accessed and therefore refuses >> to look at the accessed object. This often leads to >> an "Unauthorized". >> >> The hack in Zope 2.10 checks in this case whether the value >> could as well have been obtained by attribute lookup and >> then checks along this route. >> >> >> If waiting is not an option for you, you can also backport >> the fix to your Zope version. >> >> >> >> > Do you refer this Collector? > > http://www.zope.org/Collectors/Zope/2072 > I use Zope 2.9.2
Use 2.9.3 and watch your problem disappear (hopefully). Alec _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
