Stefan H. Holek wrote:
> Note that I found it to be relevant which object I want to acquire (don't ask me why, though).

Because the policy checks the roles on the acquired object? As Dieter points out, 'setDefaultAccess(deny)' should only apply to subobjects which do *not* have their own roles.

> E.g. going back to my CMFDefault examples, I *can* acquire portal_workflow and portal_url, but I can *not* acquire portal_membership and acl_users from a denied context. Go figure.
>
> If I change the test below to "app.wanted = PartlyProtectedSimpleItem3()" the test fails on current 2_7-branch ...

But that test fails on 2.7.2, as well. My change was actually to the implementation of 'guarded_getattr', which is not tested in 'testZopeSecurityPolicy' (the location of my original patch); rather, its tests are in 'testZopeGuards' (where my second patch applies).


I have not yet been able to write a good test there (one which either passes on the 2.7 head and fails for 2.7.2, or vice versa).

Tres.
--
===============================================================
Tres Seaver                                [EMAIL PROTECTED]
Zope Corporation      "Zope Dealers"       http://www.zope.com

_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
