On Tue, 2002-01-08 at 14:01, Evan Simpson wrote:
> Michael R. Bernstein wrote:
> >
> > [snip stuff about accessing a browser_id_manager's
> > meta_type from unrestricted code raising an
> > unauthorized exception]
> >
> > Will this be fixed for 2.5 final?
>
> That depends. We're currently waiting for feedback on 2.5b3. Depending
> on how that goes, these changes may need to wait for 2.5.1.

Perhaps I am under-estimating how difficult the fix is. I'm assuming
that you simply need to add an appropriate security declaration to the
BrowserIdManager class...

Oh, wait... meta_type is an attribute, so you can't just do

    security.declareProtected(ACCESS_CONTENTS_PERM, 'meta_type')

Hmm... The id attribute has the getId method, perhaps what's required is
a getMetaType method that can be suitably protected? This would still be
a pretty easy fix:

    security.declareProtected(ACCESS_CONTENTS_PERM, 'getMetaType')
    def getMetaType(self):
        """ """
        return self.meta_type

Am I missing something?

Michael Bernstein.