Christian Theune wrote:
> Log message for revision 69387:
>    - Removed conflicting security declaration for the traversal adapter that
>      returns a Session object.
>   
> 
> Changed:
>   U   Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> 
> -=-
> Modified: Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> ===================================================================
> --- Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml      
> 2006-08-10 08:24:12 UTC (rev 69386)
> +++ Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml      
> 2006-08-10 12:23:22 UTC (rev 69387)
> @@ -23,7 +23,6 @@
>        provides="zope.traversing.interfaces.IPathAdapter"
>        factory=".session.Session"
>        name="session"
> -      permission="zope.Public"
>        />
>  
>    <class class=".session.Session">

Hah! I can't believe that was the problem. It all makes sense now. I
still wonder why the session object was still wrapped in a proxy whose
checker didn't allow anything... seems that such a setup causes the
security machinery to be a little confused? Perhaps the system shouldn't
allow such combinations (adapter security + security of the class)?

Philipp
_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to