Five: pagetemplate want a context with Zope 2 security context
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 2 |
Invalid
|
Low
|
Unassigned |
Bug Description
If you have a class, non-persitant, generated on the fly, with a browser view on it, using a pagetemplate and a view class, you can't access to the view class from the template, you have a '<UnauthorizedB
This happens because the view class is acquired from the context, with a Zope 2 security check. In 'Products.
All of all, the security here is enforced in the 'configure.zcml' file, when the page is declared. So I don't think we need this check, which prevent this case to work. I think it's always the same case, in Five/Zope 3 techniques, if you have the right to see the template (so the context), you have the right to see the view class, which is merly accessor to context (with logic in it).
You can correct this problem, by adding a method to 'Products.
def _getContext(self):
while 1:
self = self.aq_parent
if not getattr(self, '_is_wrapperish', None):
return self
Got this problem with Zope 2.9 (Five 1.4.4) and Zope 2.10 (default shipped Five version).
Could you please provide a unittest for the patch?