-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 15 Sep 2004 12:15 pm, Chris McDonough wrote: > On Tue, 2004-09-14 at 21:18, Richard Jones wrote: > > On the "proposals" object though, we don't have any delaration for the > > "secure_url" attribute. If I add one, or a general > > security.setDefaultAccess("allow"), then the error goes away. This > > doesn't seem correct to me. > > It sure doesn't sound right. Just to be pedantic: You have an object A > that has no security assertion for "secure_url". You have an object "B" > that does. When you access the aq context a.__of__(b) and ask it for > "secure_url" in restricted code, it refuses access. Is that a > reasonable characterization or am I reading it wrong?
Yep, that's the situation. It appears to look for the security assertions for "secure_url" on A instead of B. Note that "secure_url" is an attribute of B. Richard -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFBR6aJrGisBEHG6TARAgw+AJsFrHNQ7cSs+d4baUjcp6WMznJ83wCfXtVi anfvnB2Gi2xUwQWLVTfoAUk= =BHr1 -----END PGP SIGNATURE----- _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )