----- Original Message ----- From: "Chris Withers" <[EMAIL PROTECTED]> To: "Gilles Lenfant" <[EMAIL PROTECTED]> Cc: "Toby Dickenson" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Thursday, August 01, 2002 6:18 PM Subject: Re: [Zope-dev] Removing the acquisition wrapper from an object (Python script)
> Gilles Lenfant wrote: > > manage_permission(self, permission_to_manage, roles=[], acquire=0, REQUEST=None) > > > > Just use this method in an "untrusted" python script on any Zope object, add to it >Manager proxy, and you're done. > > That method just tweaks the permissions settings. It certainly doesn't let you > strip off the acquisition wrappers (and hence security settings). > > Please give examples :-) > > cheers, > > Chris > Chris, There's some misunderstanding: I was formerly looking for a way to get rid of the acquisition wraper of an object from an untrusted python script. Toby Dickenson replied me that aq_base (as opposite to aq_parent) is not part of the acquisition utilities available from an untrusted python script because it "enables to tweak the object's security settings". I replied there are ways to tweak permission settings of an object from a python script with a Manager proxy. I didn't say in any way that it's possible to remove the acquisition wrapper of an object with obj.manage_permission(...) of course :)) That's all ! Now I'm always looking for an alternate way to get rid of the acquisition wrapper and access only the objects own props. TIA --Gilles _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
