Dieter Maurer wrote:
Dieter Maurer wrote
 > ... protecting simple type attributes by roles ...

> > Patch attached.

I have a small optimization:

            if (
                # start with inexpensive checks
                roles is not _noroles
                or name is None
                or value is None
                or container is None
                # now the expensive ones
                or hasattr(value,'__roles__')
                or not hasattr(aq_base(container), name + '__roles__')

If we replace "hasattr(value,'__roles__')" above by "hasattr(aq_base(value),'__roles__')", then the (discarded) roles computation becomes a bit cheaper.

I'm going with a bit simpler approach See my upcoming checkin.

Basically, I've created a getRoles method to be used instead
of "getattr(ob, '__roles__', _noroles)".

One issue is that the security polict is not the only place where this
special computation needs to be done.

Also note that I had to get rid of the validateValue call.  It's important
that we always pass the name and container to code that needs to get roles.


-- Jim Fulton mailto:[EMAIL PROTECTED] Python Powered! CTO (540) 361-1714 Zope Corporation

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to