Steve Alexander wrote:
> Zope 2.3, from cvs on 2000-12-24, patched with Chris P's latest ZCatalog
> I'm getting a bad interaction between ZClasses, ZCatalog and
> I have some ZClasses that are accessed via a container that implements
> __bobo_traverse__. The problem is that, although I can get to the ZClass
> instances by typing a URL into my browser, I get a security error when I
> try to get to them using restrictedTraverse.
> This causes a problem, as it means these instances cannot be catalogued
> in a ZCatalog, because ZCatalog now uses restrictedTraverse to get an
> object for indexing.
> The Zope security validation gets stuck between not knowing for sure
> what the object's container is (according to comments from
> Traversable.py), and ZClasses not returning anything for __roles__.
> ZPatterns jargon paragraph:
> All this causes a problem if you want to use the ZPatterns idiom of
> ZClass DataSkins in a Specialist, catalogued using a ZCatalog. You can
> get around it by providing a __roles__ attribute using SkinScript.
In the latest ZCatalog product from CVS, this workaround is no longer
When a ZCatalog tries to catalog an object, it first tries to get to it
using restrictedTraverse, and if that fails, it uses REQUEST.resolve_url
as a fallback.
REQUEST.resolve_url gets to the DataSkin in the Specialist without
raising a security error.
> Is there some bug in the ZClasses __roles__ machinery?
> When does __roles__ get set on objects or classes anyway? I've found the
> description of what __roles__ are used for in the old Trinkets tutorial
> document. I think things have moved on a bit since then, though.
I'd still like to know the answer to these two questions.
Zope-Dev maillist - [EMAIL PROTECTED]