I'm a little confused by the "permission" attribute on the <adapter> statement.

First of all, a principal not having the set permission still gets the adapter. That wouldn't be much of a problem if the adapter was securiy-proxied.

The adapter is created with the _protectedFactory:

def _protectedFactory(original_factory, checker):
   # This has to be named 'factory', aparently, so as not to confuse
   # apidoc :(
   def factory(*args):
       ob = original_factory(*args)
           ob.__Security_checker__ = checker
       except AttributeError:
           ob = Proxy(ob, checker)

       return ob
   factory.factory = original_factory
   return factory

I wonder why the factory only creates a security proxy when it cannot assign __Security_checker__ to the adapter. I suppose this is intentional?

Christian Zagrodnick

gocept gmbh & co. kg  ·  forsterstrasse 29 · 06112 halle/saale
www.gocept.com · fon. +49 345 12298894 · fax. +49 345 12298891

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to