Tony Middleton wrote:
> Public bug reported:
>
> After moving from Zope 2.10 to 2.12 some existing Python code which
> accesses self written packages failed. I have created a small test
> module to show the problem.
>
> Here is Products/testp/testm.py
>
> class testc:
> def __init__(self,testval):
> self.testval = testval
> def testv(self):
> return self.testval
The fact that access to 'testv' worked in any Zope2 version was the bug:
your class doesn't abide by the Zope2 security policy, which requires
that methods of classes be explicitly protected with a permission, or
else that the class has an '__allow_access_to_unprotected_subobjects__'
which enables access. Your grants allow access to the module and the
class, but not to methods or attributes of the class. See:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Tony Middleton wrote: testp/testm. py _(self, testval) :
> Public bug reported:
>
> After moving from Zope 2.10 to 2.12 some existing Python code which
> accesses self written packages failed. I have created a small test
> module to show the problem.
>
> Here is Products/
>
> class testc:
> def __init_
> self.testval = testval
> def testv(self):
> return self.testval
The fact that access to 'testv' worked in any Zope2 version was the bug: access_ to_unprotected_ subobjects_ _'
your class doesn't abide by the Zope2 security policy, which requires
that methods of classes be explicitly protected with a permission, or
else that the class has an '__allow_
which enables access. Your grants allow access to the module and the
class, but not to methods or attributes of the class. See:
http:// docs.zope. org/zope2/ zdgbook/ Security. html
Please try adding the "magic" attribute at class scope, e.g.::
class testc: _allow_ access_ to_unprotected_ subobjects_ _ = 1
_
...
or else set up explicit security on your class, and initialize the class::
from AccessControl. SecurityInfo import ClassSecurityInfo
from App.class_init import InitializeClass
class testc: declarePublic( 'testv' )
security = ClassSecurityInfo()
...
security.
def testv(self):
...
InitializeCla ss(testc)
If that fixes the issue, then we can re-categorize this as a misfeature
of Zope 2.10.
status incomplete
Tres. ======= ======= ======= ======= ======= ======= ======= ======= ==== palladion. com enigmail. mozdev. org
- --
=======
Tres Seaver +1 540-429-0999 <email address hidden>
Palladion Software "Excellence by Design" http://
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://
iEYEARECAAYFAkv u334ACgkQ+ gerLs4ltQ6BRQCg q6320sot9WP8z2N Di/5im7py OMQ4MILg8084/ cPI6
OekAoIIZE4npLZ8
=bVy6
-----END PGP SIGNATURE-----