Christian Theune wrote:
> Log message for revision 69387:
> - Removed conflicting security declaration for the traversal adapter that
> returns a Session object.
> U Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> Modified: Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> --- Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> 2006-08-10 08:24:12 UTC (rev 69386)
> +++ Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml
> 2006-08-10 12:23:22 UTC (rev 69387)
> @@ -23,7 +23,6 @@
> - permission="zope.Public"
> <class class=".session.Session">
Hah! I can't believe that was the problem. It all makes sense now. I
still wonder why the session object was still wrapped in a proxy whose
checker didn't allow anything... seems that such a setup causes the
security machinery to be a little confused? Perhaps the system shouldn't
allow such combinations (adapter security + security of the class)?
Zope3-dev mailing list