Dieter Maurer wrote:
[snip]
Now replace the line security.declarePublic('getTitle') with something like
security.declareProtected('View', 'getTitle'), and suddenly nobody is
allowed to call getTitle() on a Book object anymore.
You must acquistion wrap your book objects. Otherwise,
Aah, of course, makes sense. They should put this in the developer's guide!
The thing that tripped me up is that it works at all for declarePublic. :)
Martijn,
I can put it in the developer's guide.. maybe the next time you're
through there, you can add a comment with the issue and we can
Martijn Faassen writes:
Dieter Maurer wrote:
[snip]
Now replace the line security.declarePublic('getTitle') with something like
security.declareProtected('View', 'getTitle'), and suddenly nobody is
allowed to call getTitle() on a Book object anymore.
You must acquistion wrap
The basic security mechanism uses the attribute m__roles__ in order
to protect m. If this attribute it None, then m is public.
Otherwise, it is expected to be a sequence of roles that are allowed
to use m.
But, ExtensionsClass brings with it computed attributes. This allows
m__roles__ to
I have added this nugget of knowledge as a comment to the ZDG.
John Ziniti wrote:
The basic security mechanism uses the attribute m__roles__ in order
to protect m. If this attribute it None, then m is public.
Otherwise, it is expected to be a sequence of roles that are allowed
to use m.
Martijn Faassen writes:
I have some issues with using declareProtected() outside product
classes (deriving from ObjectManager or SimpleItem). An external method
example that _does_ work, taken from the ZDG:
import Globals
import Acquisition
from AccessControl import