Allow augmented assignments on __setitem__ ?

[BluBb-mADe]

d = {"test": 0}
d["test"]+=1
>>> Augmented assignment of object items and slices is not allowed.

Why is this a security risk and is it possible to safely allow augmented assignments on mapped c++ objects which implement __getitem__ and __setitem__?
Furthermore is it even possible to allow this without writing a custom transformer?

[icemac]

Currently augmented assignment of object items is not allowed because it is currently not checked whether the user is has read and write access to the item.

@stephan-hof You implemented these checks in 1f26049. What was the rationale behind disallowing certain types of augmented assignment?

[stephan-hof]

This restriction is there for a long time. It has been introduced here: db27fa7

I guess the reason is that restriction python has currently not the possibility to check if the 'write back' into object is allowed. For normal assignments restricted python does

foo[a] = c    
becomes
_write_(foo)[a] = c

However this 'write' check cannot be done with augmented assignment, because the write back happens inside the __iadd__ code of the object.

One possibility to still support augmented assignments could be to transform it into:

foo[a] += 1
becomes
_write_(foo)[a] = _getitem_(foo, a) + 1

Which means the __iadd__ of foo is not called.

Apart from this I have currently no idea how a proper secured __iadd__ could look like.
Probably a change in AccessControl is required as well.