Re: [Zope3-Users] Security between Context and View
Klaus Bremer wrote: You can try to bypass the zope security mechanism by using 'removeSecurityProxy': from zope.security.proxy import removeSecurityProxy ... def doTransaction(self): transaction = removeSecurityProxy(self.context.produceTransaction()) ... If possible it's better to use trusted adapters for that purpose. Regular adapters (such as regular views too) are not security proxied, but the underlying context is security proxied. Trusted adapters are security proxied but the underlying is not. Regards, Dominik ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] Security between Context and View
You can try to bypass the zope security mechanism by using 'removeSecurityProxy': from zope.security.proxy import removeSecurityProxy ... def doTransaction(self): transaction = removeSecurityProxy(self.context.produceTransaction()) ... hth -klaus Ursprüngliche Nachricht am: Fri, 12 May 2006 10:14:29 -0500 von: David Johnson : [EMAIL PROTECTED] >I have a view object which calls it's content object to return another >object. The view object does not have access to the returned object, and I >receive a forbidden attribute error. > > > >***Content*** > > > >class Transaction(object): > > > > transid=u'' > > > >class TransactionFactory(Persistent,Contained): > > > > implements(ITransactionFactory) > > > > def produceTransaction(self): > > transaction = Transaction() > > transaction.transid = 'abcd' > > return transaction > > > >***View*** > > > >class Transaction: > > > > def doTransaction(self): > > transaction = self.context.produceTransaction() > > self.session['transid'] = transaction.transid > > transaction.commit() > > > >This generates a forbidden attribute error on >transaction.Transaction.transid > > > > > > > > > > > > > > > >-- > >David Johnson > > > >___ >Zope3-users mailing list >Zope3-users@zope.org >http://mail.zope.org/mailman/listinfo/zope3-users ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
[Zope3-Users] Security between Context and View
I have a view object which calls it’s content object to return another object. The view object does not have access to the returned object, and I receive a forbidden attribute error. ***Content*** class Transaction(object): transid=u’’ class TransactionFactory(Persistent,Contained): implements(ITransactionFactory) def produceTransaction(self): transaction = Transaction() transaction.transid = ‘abcd’ return transaction ***View*** class Transaction: def doTransaction(self): transaction = self.context.produceTransaction() self.session[‘transid’] = transaction.transid transaction.commit() This generates a forbidden attribute error on transaction.Transaction.transid -- David Johnson ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users