While testing a large-ish customer project under Zope 2.7.3 we found that
when an object with setDefaultAccess('deny') is used as the context for
a PythonScript, the script can no longer aquire tools from the portal

Because a test says more than a thousand words, I added one to CMFDefault.

To reproduce:
- get Zope-2_7-branch
- get CMF-1_4-branch
- run tests of CMFDefault, notably test_RestrictedAcquisition.py

Rolling back this checkin restores functionality:

Note that I was unable to reproduce the issue with CMF 1.5 (or plain Zope, for
that matter). What has changed? Beats me! Note that this issue has the potential
to break each and every Plone site out there.

Ultimately, I feel that unless there is a *very* good reason for removing the
aq_acquire call from cAccessControl/ImplPython it should be restored.


-- The time has come to start talking about whether the emperor is as well dressed as we are supposed to think he is. /Pete McBreen/

Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to