Stefan H. Holek wrote:
On 09.10.2004, at 18:04, Tres Seaver wrote:

*By definition*, anybody who has declared 'setDefaultAccess('deny') *wants* the behavior you describe: that declaration says, "unless I give you explicit permission for using a name, refuse."

If Plone has classes which make such assertions, then either the authors *meant* them, or they need to be removed. This is (literally) the same thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in your class.

Plone itself doesn't AFAICS. Third party applications may, like the one I was talking about. The unfortunate coincidence is that these apps work fine with Zope up to 2.7.2.

This would be a good time for those apps to convert to usubg 'getToolByName'. E.g., instead of:

  tool = context.portal_sometool

they should be doing:

  from Products.CMFCore.utils import getToolByName
  tool = getToolByName(context, 'portal_sometool')

'getToolByName' already does the Right Thing here, because it uses 'aq_get' to find the tool.

Zope Corporation "Zope Dealers"
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - )

Reply via email to