Tres Seaver wrote at 2004-10-9 12:04 -0400: >Stefan H. Holek wrote: >> While testing a large-ish customer project under Zope 2.7.3 we found that >> when an object with setDefaultAccess('deny') is used as the context for >> a PythonScript, the script can no longer aquire tools from the portal >> root. > >*By definition*, anybody who has declared 'setDefaultAccess('deny') >*wants* the behavior you describe: that declaration says, "unless I >give you explicit permission for using a name, refuse."
I do *NOT* think that this is the intended semantics of "setDefaultAccess('deny')". In my view, "setDefaultAccess(XXX)" should only affect objects that do not have security declarations themselves. Acquired tools have security declarations -- they should not be affected by "setDefaultAccess". >If Plone has classes which make such assertions, then either the authors >*meant* them, or they need to be removed. This is (literally) the same >thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in >your class. With this name, it becomes even clearer: Acquires tools are neither "unprotected" nor "subobjects". -- Dieter _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )