julian wrote at 2007-6-4 10:34 +0200: >The event.log > ... > Module None, line 8, in getProduct > - <PythonScript at /SITES/my_site/directory1/sub_directory1/getProduct> > - Line 8 > Module AccessControl.ZopeGuards, line 478, in protected_inplacevar >TypeError: Augmented assignment to And objects is not allowed in >untrusted code
Someone introduced a new security mechanism between Zope 2.8 and Zope 2.9: Inplace operations (such as "&=") are only allowed for "list" and "set". The implementer did not realize that there are situation when such inplace operations should be allowed -- as for e.g. "AdvancedQuery.And". They did not provide for any declarations that would allow this. Consequence: Until Zope is fixed, "AdvancedQuery" can do nothing that "&=" and "|=" and friends work in untrusted code. You have already found a workaround: "x &= y" is very similar to "x = x & y". It is slightly less efficient (not an issue in this case) and it does not affect other bindings of "x". -- Dieter _______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )