Alec Mitchell escribió:
On 7/14/06, Garito <[EMAIL PROTECTED]> wrote:
Garito escribió:
> Dieter Maurer escribió:
>> Garito wrote at 2006-7-14 07:04 +0200:
>>
>>> ...
>>> def __bobo_traverse__(self, REQUEST, name):
>>>        obj = getattr(self, name, None)
>>> ...
>>> I wonder why I can do this on a Page Template:
>>>
>>> <tal:b tal:replace='python: here.Texto' />
>>>
>>> Where Texto is a adquired property, but not this:
>>>
>>> <tal:b tal:replace='here/Texto' />
>>>
>>> because zope raises an unauthorized error
>>>
>>> How can I solve this point?
>>>
>>
>> You can wait for the next Zope release (2.10) where this is fixed.
>>
>> The reason: security for "__bobo_traverse__" is much stricter
>> than for attribute lookup:
>>
>>    In the latter case, the security machinery knows that the value
>>    was obtained by attribute lookup and can apply the security
>>    declarations of the accessed object.
>>
>>    In the former case, the security machinery does not know
>>    which object was really accessed and therefore refuses
>>    to look at the accessed object. This often leads to
>>    an "Unauthorized".
>>
>> The hack in Zope 2.10 checks in this case whether the value
>> could as well have been obtained by attribute lookup and
>> then checks along this route.
>>
>>
>> If waiting is not an option for you, you can also backport
>> the fix to your Zope version.
>>
>>
>>
>>
> Do you refer this Collector?
>
> http://www.zope.org/Collectors/Zope/2072
>
I use Zope 2.9.2


Use 2.9.3 and watch your problem disappear (hopefully).

Alec
Completely disappeared!!!

Thank you so much!!!!!!

--
Mis Cosas
http://blogs.sistes.net/Garito


_______________________________________________
Zope maillist  -  Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to