julian wrote at 2007-6-4 10:34 +0200:
>The event.log
> ...
>   Module None, line 8, in getProduct
>    - <PythonScript at /SITES/my_site/directory1/sub_directory1/getProduct>
>    - Line 8
>   Module AccessControl.ZopeGuards, line 478, in protected_inplacevar
>TypeError: Augmented assignment to And objects is not allowed in 
>untrusted code

Someone introduced a new security mechanism between Zope 2.8
and Zope 2.9:

  Inplace operations (such as "&=") are only allowed for
  "list" and "set".

The implementer did not realize that there are situation when
such inplace operations should be allowed -- as for e.g.
"AdvancedQuery.And". They did not provide for any declarations
that would allow this.

  Until Zope is fixed, "AdvancedQuery" can do nothing
  that "&=" and "|=" and friends work in untrusted code.

You have already found a workaround:

    "x &= y" is very similar to "x = x & y".

It is slightly less efficient (not an issue in this case)
and it does not affect other bindings of "x".

Zope maillist  -  Zope@zope.org
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-dev )

Reply via email to