A recent change breaks access sometimes

Bug #859090 reported by Gediminas Paulauskas
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
zope.security (Ubuntu)
Fix Released
Critical
Gediminas Paulauskas

Bug Description

We have a problem with SchoolTool and zope.security 3.8.2, that we get ForbiddedAttribute in some pages.

As Douglas Cerna has investigated,

"I think the problem is that the zope.location.location.LocationProxy.__Security_checker__ assignment was moved from zope.security.proxy to zope.security.decorator in the change from 3.8.0 to 3.8.1.

-------------------- %< --------------------
--- src/zope/security/proxy.py (.../3.8.0) (revisión: 122910)
+++ src/zope/security/proxy.py (.../3.8.1) (revisión: 122910)
@@ -69,14 +69,3 @@
    # being used for isinstance

    return builtin_isinstance(removeSecurityProxy(object), cls)
-
-
-# zope.location was made independent of security. To work together with
-# security, we re-inject the DecoratedSecurityCheckerDescriptor onto the
-# location proxy from here.
-# This is the only sane place we found for doing it: it kicks in as soon
-# as someone starts using security proxies.
-import zope.location.location
-from zope.security.decorator import DecoratedSecurityCheckerDescriptor
-zope.location.location.LocationProxy.__Security_checker__ = (
- DecoratedSecurityCheckerDescriptor())
-------------------- %< --------------------

If I put the removed code back in zope.security.proxy the view works. If I just add "import zope.security.decorator" at the top of schooltool.app.browser.app the view works :/"

Changed in zope.security (Ubuntu):
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Gediminas Paulauskas (menesis)
summary: - Breaks some security checkers
+ A recent change breaks access sometimes
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package zope.security - 3.8.2.is.3.8.0-0ubuntu1

---------------
zope.security (3.8.2.is.3.8.0-0ubuntu1) oneiric; urgency=low

  * Go back to 3.8.0 because a change in 3.8.1 breaks schooltool. (LP: #859090)
 -- Gediminas Paulauskas <email address hidden> Sun, 25 Sep 2011 21:30:07 +0300

Changed in zope.security (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
Gediminas Paulauskas (menesis) wrote :

This is now fixed upstream and uploaded to Precise as 3.8.3-1ubuntu1

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.