Dieter Maurer wrote: > Martin Aspeli wrote at 2009-4-12 18:31 +0800: >> .... >> Finally, there is not total parity between Zope 2 security and Zope 3 >> security. Zope 2 cannot protect 'property set', for example. > > Since Zope 2.8, Zope 2 could in principle -- and until quite recently > I thought, it really can: it only fails with the "context" check > (is the accessed object in the context of the UserFolder authenticating > the current user). Of course, such checks fail for objects not acquisition > wrapped. If we let pass this check in such cases, Zope 2 can protect > property sets.
Not sure I understand you here. How would I declare that 'set' of an attribute (property) is protected by one permission and 'get' is protected by another? Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )