On Tue, 2002-01-08 at 14:01, Evan Simpson wrote:
> Michael R. Bernstein wrote:
> > 
> > [snip stuff about accessing a browser_id_manager's
> >  meta_type from unrestricted code raising an
> >  unauthorized exception]
> > 
> > Will this be fixed for 2.5 final?
> That depends.  We're currently waiting for feedback on 2.5b3.  Depending 
> on how that goes, these changes may need to wait for 2.5.1.

Perhaps I am under-estimating how difficult the fix is. I'm assuming
that you simply need to add an appropriate security declaration to the
BrowserIdManager class...

Oh, wait...

meta_type is an attribute, so you can't just do

    security.declareProtected(ACCESS_CONTENTS_PERM, 'meta_type')

The id attribute has the getId method; perhaps what's required is a
getMetaType method that can be suitably protected?

This would still be a pretty easy fix:

    security.declareProtected(ACCESS_CONTENTS_PERM, 'getMetaType')
    def getMetaType(self):
        """ """
        return self.meta_type

Am I missing something?

Michael Bernstein.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )
