[z3-five] Using <class> for security assertions
Martin Aspeli
optilude at gmx.net
Mon Sep 11 02:25:50 CEST 2006
Hi,
Having spent some time in AccessControl/ImplPython.py I'm wondering...
I got an error "the container contains no security assertions" (via
verbose-security) when trying to do context/aq_explicit in a page template.
I thought I had provided some security assertions, by using the <class>
directive. Obviously I must've done something wrong.
This is the relevant code. This is from
http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/portlets
<class class=".classic.ClassicPortletAssignment">
<require
permission="zope2.View"
interface=".classic.IClassicPortlet"
/>
</class>
and in classic.py:
class IClassicPortlet(...):
template = schema.TextLine(...)
macro = schema.TextLine(...)
class ClassicPortletAssignment(Implicit, Contained):
implements(IClassicPortlet
def __init__(self, template=u'', macro=u''):
self.template = template
self.macro = macro
Now - mixing in OFS.SimpleItem.SimpleItem instead of
Acquisition.Implicit in that class does make the code work again. I
don't really understand why, but I guess it enables at least some of the
security assertions (i.e. those that are checked in this case).
So what am I doing wrong? I thought the <class> directive would've taken
care of it all for me :-/
Martin
More information about the z3-five
mailing list