Re: [Zope-dev] RFC: backward compatibility of PythonScript bindings for 2.6.4 / 2.7.0
On Wed, 2004-01-21 at 10:42, Brian Lloyd wrote: What I don't like is that it is somewhat magical, and now the error you would get (probably 'None has no attribute xxx') if the user doesn't have access to the container doesn't tell you the real problem. What if you used a special object that would produce a useful error message if the user tries to access the container. Assuming an access involves an attribute access: class UnauthorizedContext: def __getattr__(self, attr): raise Unauthorized(user does not have access to context) I'm sure the details aren't right, but I think the idea is clear enough. Jeremy ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] RFC: backward compatibility of PythonScript bindings for 2.6.4 / 2.7.0
On Wed, Jan 21, 2004 at 10:42:11AM -0500, Brian Lloyd wrote: These two facts did not cause a problem before, because the security check for the 'container' binding was not being performed at bind-time. One question - what *is* bind time? Is the container bound when the script is called? -- Paul Winkler http://www.slinkp.com Look! Up in the sky! It's THE PIDDLE! (random hero from isometric.spaceninja.com) ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] RFC: backward compatibility of PythonScript bindings for 2.6.4 / 2.7.0
Jeremy Hylton wrote at 2004-1-21 11:44 -0500: On Wed, 2004-01-21 at 10:42, Brian Lloyd wrote: What I don't like is that it is somewhat magical, and now the error you would get (probably 'None has no attribute xxx') if the user doesn't have access to the container doesn't tell you the real problem. What if you used a special object that would produce a useful error message if the user tries to access the container. Assuming an access involves an attribute access: class UnauthorizedContext: def __getattr__(self, attr): raise Unauthorized(user does not have access to context) I'm sure the details aren't right, but I think the idea is clear enough. +1 -- Dieter ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )