Alec Mitchell escribió:
On 7/14/06, Garito <[EMAIL PROTECTED]> wrote:
> Dieter Maurer escribió:
>> Garito wrote at 2006-7-14 07:04 +0200:
>>> def __bobo_traverse__(self, REQUEST, name):
>>> obj = getattr(self, name, None)
>>> I wonder why I can do this on a Page Template:
>>> <tal:b tal:replace='python: here.Texto' />
>>> Where Texto is a adquired property, but not this:
>>> <tal:b tal:replace='here/Texto' />
>>> because zope raises an unauthorized error
>>> How can I solve this point?
>> You can wait for the next Zope release (2.10) where this is fixed.
>> The reason: security for "__bobo_traverse__" is much stricter
>> than for attribute lookup:
>> In the latter case, the security machinery knows that the value
>> was obtained by attribute lookup and can apply the security
>> declarations of the accessed object.
>> In the former case, the security machinery does not know
>> which object was really accessed and therefore refuses
>> to look at the accessed object. This often leads to
>> an "Unauthorized".
>> The hack in Zope 2.10 checks in this case whether the value
>> could as well have been obtained by attribute lookup and
>> then checks along this route.
>> If waiting is not an option for you, you can also backport
>> the fix to your Zope version.
> Do you refer this Collector?
I use Zope 2.9.2
Use 2.9.3 and watch your problem disappear (hopefully).
Thank you so much!!!!!!
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -