ClassSecurityInfo uses class.__dict__ setitem
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Zope 2 | Fix Released | Medium | Unassigned | |
Bug Description
The ClassSecurityInfo class' apply method is using dictionary assignment to set class attribute values. This breaks if the class is a new-style class under Python 2.2+, where class-dictionaries are proxy objects that disallow setting values. The problem likely can be fixed by substituting all instances of:
dict[key] = value
with:
setattr( classobj, key, value )
You can check the error with this code:
from AccessControl import ClassSecurityInfo
import Globals
class X( object ):
    """Some content object"""
    security = ClassSecurityInfo()
    security.
    def y( self ):
        """Do something or other"""
Globals.
which produces this traceback:
File "v:\zopehome/
import securityproblem
File "v:\zopehome/
Globals.
File "C:\bin\
security_
File "C:\bin\
dict[
TypeError: object does not support item assignment
The code in current Zope does indeed use a "setattr(classobj, '%s__roles__' % name, access)" instead as proposed by this patch.
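The two assignment styles discussed in this report, side by side, as an added example that is not part of the original report or of Zope's code. It runs on Python 3, where every class is new-style; `apply_via_dict`, `apply_via_setattr`, the sample classes and the role tuple are constructed for illustration.

```python
# Added illustration: hypothetical stand-ins, not AccessControl code.

def apply_via_dict(classobj, declarations):
    """Pattern from the bug report: write through the class dictionary."""
    d = classobj.__dict__          # read-only proxy on new-style classes
    for name, access in declarations.items():
        d['%s__roles__' % name] = access


def apply_via_setattr(classobj, declarations):
    """Pattern from the fix: let the type machinery store the attribute."""
    for name, access in declarations.items():
        setattr(classobj, '%s__roles__' % name, access)


def demo():
    # Constructed sample classes, created per call so demo() is repeatable.
    class Content(object):
        """Some content object"""
        def y(self):
            """Do something or other"""

    class SubContent(Content):
        pass

    declarations = {'y': ('Manager',)}   # constructed sample roles
    results = {}

    try:
        apply_via_dict(Content, declarations)
        results['dict'] = 'applied'
    except TypeError:
        # The class dictionary proxy refuses item assignment.
        results['dict'] = 'TypeError'

    # Nothing was stored: the role attribute does not exist yet.
    results['after_dict'] = hasattr(Content, 'y__roles__')

    apply_via_setattr(Content, declarations)
    results['after_setattr'] = getattr(Content, 'y__roles__', None)
    # Attributes set on the class are visible through subclass instances.
    results['inherited'] = getattr(SubContent(), 'y__roles__', None)
    return results


if __name__ == '__main__':
    print(demo())
```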