[z3-five] Adaptation in untrusted code
Maciej Wisniowski
maciej.wisniowski at coig.katowice.pl
Wed Nov 15 14:11:04 CET 2006
> I need to do the following in a python script or a page template:
>
> IRender(obj).render(context)
>
> So, I've sacrificed the following chickens:
>
> - allow_module(MyProduct.interfaces)
> (which is where IRender comes from, so I can import it)
>
> - security.declarePublic('render') for the render method of my adapter.
>
> The latter makes me uneasy. It's needed because the adapter is created
> without any acquisition context and so Zope 2's security machinery
> thinks the current user is defined outside of the context of the object
> being accessed.
>
I had exactly same problem yesterday (adapter to Cacheable objects that
flushes individual cache entries) and unfortunatelly I finished with
workaround - using external method. How do you set security in your ZCML
file??
> What I really want is to do:
>
> security.declarePublic(View,'render')
>
> ...in my adapter code. How can I go about doing this?
You mean:
security.declareProtected('View','render')?
It didn't worked for me but I've been lost in security declarations from
zcml and security in old Zope2 way... and I was not sure what,
where and how...
BTW. Chris, I've removed this silly thing from my Thunderbird config ;)
--
Maciej Wisniowski
More information about the z3-five
mailing list