Christian Theune wrote:
we are wondering about the behaviour in the following situation:
* self is a view and we're in a method of that view
* self.context is an instance of class A
(A is a content class and a folder)
* self.context is security proxied
* class A has a method doStuff
* we call self.context.doStuff()
* in doStuff, self is not proxied
* accessing other things through self[id] in doStuff does not give a
Result: code can perform operations that users normally could not do,
without anybody calling "removeAllProxies" explicitly.
Is this intentional?
Yes. self is never proxied.
> I'm not sure about that. I feel like those calls
should work with proxied objects as well.
I don't agree. At some point, you have to trust code,
PS: It seems that the _zope_security_proxy.c code and the corresponding
Python code are a little bit out of sync. The C-code does a little bit
more that isn't in the python code anymore. See this patch:
--- checker.py (Revision 41246)
+++ checker.py (Arbeitskopie)
@@ -371,6 +371,9 @@
if checker is NoProxy:
+ if checker is _defaultChecker and isinstance(object, Exception):
+ return None
while not isinstance(checker, Checker):
checker = checker(object)
if checker is NoProxy or checker is None:
As stated in _zope_security_proxy.c line 495:
/* if checker is _defaultChecker and isinstance(object, Exception):
/* return None */
if (checker == _defaultChecker
&& PyObject_IsInstance(object, PyExc_Exception))
Jim Fulton mailto:[EMAIL PROTECTED] Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org
Zope3-dev mailing list