In CMFCore of CMF 1.5.4: If a low-security-clearance user calls an external method (in a workflow scripts folder) that pastes an object from a PortalFolder, he gets an error because the following line in CMFCore.PortalFolder fails:
if not sm.checkPermission(DeleteObjects, parent): raise AccessControl_Unauthorized This is even the case if "sm.checkPermission" is changed to "_checkPermission", which takes into account proxy roles. The external method does not allow proxy roles attached, so I can't just add a "Manager" proxy role. Because I called the pasting in an external method, I expected it to go through without security problems! Is this a right expectation / and a bug, or a wrong expectation? Peace, George [originally posted this on the zope list yesterday but then discovered this list also] On 11/18/05, George Lee <[EMAIL PROTECTED]> wrote: > I forget if I submitted a collector issue about this before, but I > didn't see it. I just posted one at > <http://www.zope.org/Collectors/CMF/396>: > > Title: PortalFolder.py _verifyObjectPaste ignores executable security > > Version info: CMF 1.5.4 but also in trunk > > _verifyObjectPaste calls "sm.checkPermission(permission_name,self)" > rather than "_checkPermission(permission_name,self)" > > This makes it ignore executable security. So, if _verifyObjectPaste is > in an external method or in a script with sufficient proxy roles, it > raises an Unauthorized error for users when the external method / > proxy role security should suffice. > > > > On 9/9/05, Dieter Maurer <[EMAIL PROTECTED]> wrote: > > George Lee wrote at 2005-9-8 23:57 -0400: > > > ... > > >Is it okay to just replace sm.checkPermission with _checkPermission > > >from CMFCore.utils or is that not okay? > > > > Yes. But, please file a bug report as well. > > > > >Also Dieter I noticed that Alan Runyan and you briefly discussed this > > >issue back in 2002: > > >http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html > > > > Any internal use should always take executable security (i.e. > > executable ownership and proxy roles) into account. > > Not doing so is a but, as things expected to be possible are not > > and (maybe even worse) things expected to be impossible may > > be possible. > > > > There may be a need for application code to check the permissions > > of the user with proxy roles not taken into account. > > > > E.g. a script that must use a "Manager" roles to do one > > thing but does not want to do another unless the current > > user has specific permissions. > > > > For this case, there also should be a method checking > > permissions with proxy roles not taken into account. > > > > -- > > Dieter > > > _______________________________________________ Zope-CMF maillist - Zope-CMF@lists.zope.org http://mail.zope.org/mailman/listinfo/zope-cmf See http://collector.zope.org/CMF for bug reports and feature requests