Christian Theune wrote: > Log message for revision 69387: > - Removed conflicting security declaration for the traversal adapter that > returns a Session object. > > > Changed: > U Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml > > -=- > Modified: Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml > =================================================================== > --- Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml > 2006-08-10 08:24:12 UTC (rev 69386) > +++ Zope3/branches/ctheune-issue-574/src/zope/app/session/configure.zcml > 2006-08-10 12:23:22 UTC (rev 69387) > @@ -23,7 +23,6 @@ > provides="zope.traversing.interfaces.IPathAdapter" > factory=".session.Session" > name="session" > - permission="zope.Public" > /> > > <class class=".session.Session">
Hah! I can't believe that was the problem. It all makes sense now. I still wonder why the session object was still wrapped in a proxy whose checker didn't allow anything... seems that such a setup causes the security machinery to be a little confused? Perhaps the system shouldn't allow such combinations (adapter security + security of the class)? Philipp _______________________________________________ Zope3-dev mailing list [email protected] Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
