"Phillip J. Eby" wrote:
> At 12:27 PM 10/4/00 -0400, Brian Lloyd wrote:
> >
> >I've verified (any of my previous comments to the contrary) that
> >simple attributes (python types) do not really play in the
> >permissions machinery. The canonical way to expose such things
> >for now is to expose them through method calls (which can play
> >in the permissions scheme).
> >
> IIRC, this stuff got broken by the switch to the new security machinery.
> ZopeSecurityPolicy doesn't check 'foo__roles__' on the parent object the
> way ZPublisher does/did.

It never did.  Before the switch to the new policy machinery, 
most attributes that don't have roles were unprotected.
Now, we at least have a way to make some assertions.


Jim Fulton           mailto:[EMAIL PROTECTED]   Python Powered!        
Technical Director   (888) 344-4332            http://www.python.org  
Digital Creations    http://www.digicool.com   http://www.zope.org    

Under US Code Title 47, Sec.227(b)(1)(C), Sec.227(a)(2)(B) This email
address may not be added to any commercial mail list with out my
permission.  Violation of my privacy with advertising or SPAM will
result in a suit for a MINIMUM of $500 damages/incident, $1500 for

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to