Jamie Heilman wrote at 2004-3-22 16:42 -0800:
> ...
>So here's the questions I have for you all... is there a way to
>declare appropriate security on the bindings that are screwing me
>right now from within my product code so that I can selectively poke
>holes to allow container access where needed,

One approach (hopefully quite near to your wishes) looks like:

  Protect your object by a role, say "Manager".
  This looks like "__roles__ = ('Manager',)"

  Give your "PageTemplateFile" the "Manager" proxy role:
  "_proxy_roles = ('Manager',)"

  Make your "PageTemplateFile" unowned: "_owner = None".

Instead of "Manager", you can use another role that you do not
assign any permissions.

An incredibly long time ago, Evan published a product
"XXXPythonScripts". These are "PythonScripts" without security
checks. Looking at the differences between these two products
may show what is needed to get security unaware "PageTemplateFiles".


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to