You say these rules are new but there have been no intentional changes to how security works. From DTML and scripts, you've always been unable to call methods on objects that had no security assertions. If Y has no security assertions, this is the intended behavior. It worked before? In what version of Zope? And what version are you using now?
Stephan Richter wrote: > Hello everyone, > > I have a major issue with the new security. Let's say I have class X (a > nice Zopish object) and an object Y. > > class X: > > Y = Y > > Now, I am still able to access Y in an instance of X, like: > > x = X() > x.Y > > but I am not able to access method do_z() anymore. > > x.Y.do_z() > > BTW, Y is not a nice Zope object but an instance from anywhere. And > setting __allow_access_to_unprotected_subobjects__ does not help much > either and it should not be the final solution anyway. > > Can anyone help? > > Regards, > Stephan > > -- > Stephan Richter > CBU - Physics and Chemistry Student > Web2k - Web Design/Development & Technical Project Management > > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) -- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com "Killing hundreds of birds with thousands of stones" _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )