I have added this nugget of knowledge as a comment to the ZDG. John Ziniti wrote:
> >> The basic security mechanism uses the attribute "m__roles__" in order >> to protect "m". If this attribute it "None", then "m" is public. >> Otherwise, it is expected to be a sequence of roles that are allowed >> to use "m". >> >> But, "ExtensionsClass" brings with it computed attributes. This allows >> "m__roles__" to be not a sequence but a method returning a sequence. >> When you protect "m" with a permission "p", then >> "m__roles__" is set to "PermissionRole(p)". This instance dynamically >> evaluates into a sequence of roles by crawling up the "aq_container" >> (which is correctly "aq_parent" after "aq_inner") chain and translating >> "p" into roles by interpreting the "permission-to-role" mapping >> it finds on its way to the application object. >> >> Therefore, "declarePublic" works for non-wrapped instances while >> "declareProtected" requires the wrapping. >> >> >> Dieter > > > > Very well put, Dieter -- both as an explanation of the problem > at hand, as well as a general description of one of the more > esoteric regions of Zope. I think it belongs in a document > somewhere. Thanks. I knew I read these email lists for a > reason. > > Ziniti > > > _______________________________________________ > Zope-Dev maillist - [EMAIL PROTECTED] > http://lists.zope.org/mailman/listinfo/zope-dev > ** No cross posts or HTML encoding! ** > (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce > http://lists.zope.org/mailman/listinfo/zope ) _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
