Skip to content

Z
Zope
Commit 830e486e authored by Jim Fulton's avatar Jim Fulton
Browse files
Options

Removed the security-manager "validateValue" api. This was 

necessitated by changes in the security policy that requires access to
source objects and attribute names to check acces to objects obtained
through attribute access.

New-style class dictionaries are immutable. Changed some class-update
code to use setattr rather thah class-dictionary modifications.
parent 69c89108
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 3 deletions
lib/python/AccessControl/SecurityInfo.py
View file @ 830e486e
......@@ -162,7 +162,7 @@ class ClassSecurityInfo(SecurityInfo):
ac_permissions = {}
for name, access in self.names.items():
if access in (ACCESS_PRIVATE, ACCESS_PUBLIC, ACCESS_NONE):
dict['%s__roles__' % name] = access
setattr(classobj, '%s__roles__' % name, access)
else:
if not ac_permissions.has_key(access):
ac_permissions[access] = []
......@@ -182,12 +182,13 @@ class ClassSecurityInfo(SecurityInfo):
else:
entry = (permission_name, tuple(names))
__ac_permissions__.append(entry)
dict['__ac_permissions__'] = tuple(__ac_permissions__)
setattr(classobj, '__ac_permissions__', tuple(__ac_permissions__))
# Take care of default attribute access policy
access = getattr(self, 'access', _marker)
if access is not _marker:
dict['__allow_access_to_unprotected_subobjects__'] = access
setattr(classobj, '__allow_access_to_unprotected_subobjects__',
access)
if getattr(self, '_warnings', None):
LOG('SecurityInfo', WARNING, 'Class "%s" had conflicting '
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7