El lun, 28-08-2006 a las 20:35 +0200, Philipp von Weitershausen escribió: > Ack. Just get the current interaction with > zope.security.management.getInteraction(). With this code you're > hard-wiring yourself to the security policy in zope.app.securitypolicy. > Thanks, that's good to know.
> Right. Because you're not supposed to poke at __data. The two > underscores should scare you off! > > By the way, this is a rule of thumb: > > Whenever you get ForbiddenAttribute errors, you're doing something > wrong. Either: > > 1. you're missing security declarations > > 2. you're accessing something that purposely has no security > declarations because you're not supposed to access it. > > Most of the times when newbies hit ForbiddenAttribute, it's #1. In your > case it's #2. > > If you would take advantage of interfaces and look at IContainer, you > would see that contianers are like mappings (=dictionaries). Therefore, > in order to add something in the container, you need to be able to > access the __setitem__ method. Check for that and you'll be all set. > Sorry, my fault: I forgot to mention that I *did try* zope.security.canWrite(obj, '__setitem__') before and it always returns False, no matter if I try with the right user. That's why I started to poke with '__data' which I know was going to be a hack. By the way, by your rule of thumb I should not play with '__setitem__' neiter (e.g. it has four underscores). Lorenzo _______________________________________________ Zope3-users mailing list [email protected] http://mail.zope.org/mailman/listinfo/zope3-users
