Dieter Maurer wrote > ... protecting simple type attributes by roles ...
> > Patch attached.
I have a small optimization:
if ( # start with inexpensive checks roles is not _noroles or name is None or value is None or container is None # now the expensive ones or hasattr(value,'__roles__') or not hasattr(aq_base(container), name + '__roles__') ):
If we replace "hasattr(value,'__roles__')" above by "hasattr(aq_base(value),'__roles__')", then the (discarded) roles computation becomes a bit cheaper.
I'm going with a bit simpler approach See my upcoming checkin.
Basically, I've created a getRoles method to be used instead of "getattr(ob, '__roles__', _noroles)".
One issue is that the security polict is not the only place where this special computation needs to be done.
Also note that I had to get rid of the validateValue call. It's important that we always pass the name and container to code that needs to get roles.
-- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714 http://www.python.org Zope Corporation http://www.zope.com http://www.zope.org
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce