Would someone like to explain how to use a list in a schema object
without getting ForbiddenAttribute? This is my use case.

class IChat(Interface):
    messages = Attribute('Chat messages')

class Chat(Persistent):
    def __init__(self):
        self.messages = persistent.list.PersistentList()

<class class=".chat.Chat">
    <require permission="zope.View" interface=".interfaces.IChat" />
    <require permission="zope.View" set_schema=".interfaces.IChat" />

I have a Chat class that implements IChat and that is declared in
configure.zcml. Both the chat object and the 'messages' attribute are
proxied automatically, right? The <require /> tags in configure.zcml
adds security declarations to the chat object, but not to the 'messages'
attribute. Am I correct this far?

When I call self.context.messages.append(...) (in a browser page for
IChat) I get ForbiddenAttribute on append. I should get this, so this
is ok. But list or PersistentList has no interface I can use in IChat
instead of Attribute. So I tried using zope.schema.List instead, but
the interface of that was a small subset of what list provides and
doesn't have append either. So I don't know how to add these security
declarations to the 'messages' attribute.

How can I use a list without getting security proxy problems? Do I have
to make my own list implementation and interface?

Zope3-users mailing list

Reply via email to