Santi Camps wrote at 2004-10-18 12:37 +0200:
> ...
>I have a persistent object A and a non persistent object B.   B has 
>implicit acquisition.   From trusted code I return B.__of__(A).   Trying 
>to access B.meta_type from untrusted code (a ZPT) raises the error.    B 
>has no attribute meta_type, so it should be returned from A using 
>implicit acquisition.  A has all necessary security assertions.

"meta_type" is probably a string.
Elementary data types (such as string) do not know
anything about acquisition.
The code that checks the permissions cannot (easily) determine
where it comes from (other than reimplementing acquisition, which
would not be a good thing).

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to