Because unlike getFoo(), getProperty('foo') does not checks the permission defined on the accessor, when a form contain a my_foo field, the property would be displayed to the user who can view the form, even if the user does not actually have the permission to get this property. This because getter for default value of fields uses getProperty ( here ).

These changes modify behavior of getProperty, so that it enforces read permission security of properties and raise when user does not have permission to access properties.

Some notes about implementation:

• getProperty now becomes a bit slower, but it was incorrect before, so I guess it's inevitable.
• some efforts have been made to keep the impact on performance minimal. This uses the same approach of in edit of computing the set of restricted properties and using guarded_getattr only on these properties and using getattr on non-restricted properties. The computation of this set was moved to dynamic class generation time and as a result, edit becomes a bit faster.
• the expectedFailure part of test_PropertySheetSecurityOnAccessors was moved to another test, but I'm not even sure we want to support this (read-protecting properties with default write permission) as, to me, such configuration does not make much sense.
• new performance tests were added. I don't know what to use as min/max values so I just used something that should pass.
• implementation for getProperty('*_list') was changed a lot, I have no idea why this was getting the method on the class and passing self as first argument. Now it we just get method on the instance, like we do for single properties.