-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Suresh V. wrote: > Andreas Jung wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA1 >> >> Suresh V. wrote: >>> Possible bug in Plone 3.3.4: >>> >>> If you had a folderish object in private state which had an 'acl_users' >>> inside it and an anonymous user attempts to browse to the object you end >>> up with "BadRequest" instead of "Unauthorized" from globalize() in >>> ploneview.py which bubbles up from getToolByName() in >>> CMFCore/PortalFolder.py. >>> >> >> Why should a folderish object contain its own acl_users folder beside >> the one of Plone. This is bad-practice. > > You sure about that? I used to think that one of the wonderful things > about Zope and Acquisition and fine grained security and all that was to > be able to have an acl_users anywhere in the hierarchy - Is that not > true any more???? > We discussed that already in depth some weeks ago on the plone-users list (read up on the subsites discussion).
- -aj -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuhI/8ACgkQCJIWIbr9KYyNxQCdGvX/yPJSkssY6rcGRkBouQzS jFkAoJpmOHHW2fO5vGa4Sp6c0hyEBnXp =IwER -----END PGP SIGNATURE-----
<<attachment: lists.vcf>>
_______________________________________________ Product-Developers mailing list [email protected] http://lists.plone.org/mailman/listinfo/product-developers
