Stefan H. Holek wrote:
On 09.10.2004, at 18:04, Tres Seaver wrote:


*By definition*, anybody who has declared 'setDefaultAccess('deny') *wants* the behavior you describe: that declaration says, "unless I give you explicit permission for using a name, refuse."


If Plone has classes which make such assertions, then either the authors *meant* them, or they need to be removed. This is (literally) the same thing as declaring '__allow_access_to_unprotected_subobjects__ = 0' in your class.


Plone itself doesn't AFAICS. Third party applications may, like the one I was talking about. The unfortunate coincidence is that these apps work fine with Zope up to 2.7.2.

This would be a good time for those apps to convert to usubg 'getToolByName'. E.g., instead of:


  tool = context.portal_sometool

they should be doing:

  from Products.CMFCore.utils import getToolByName
  tool = getToolByName(context, 'portal_sometool')

'getToolByName' already does the Right Thing here, because it uses 'aq_get' to find the tool.

Tres.
--
===============================================================
Tres Seaver [EMAIL PROTECTED]
Zope Corporation "Zope Dealers" http://www.zope.com
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to