Hi!

Another issue with converting skin scripts to browser views:

Scripts are untrusted code; the permissions are checked for all methods called from scripts. Browser views are trusted code; they are only protected by one permission for the complete view.

Complex forms like folder contents behave differently depending on the permissions the users have. E.g. some users can delete or rename sub-objects while others can't.

The only solution I see is to protect all actions that need a different permission than the form itself by checkPermission.


Am I missing something?


Cheers,

        Yuppie

_______________________________________________
Zope-CMF maillist  -  Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See http://collector.zope.org/CMF for bug reports and feature requests
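
The per-action check proposed in the message above, sketched as an added example that is not part of the original post and is not Zope or CMF code. The classes, the `check_permission()` helper and the permission names are stand-ins assumed for illustration.

```python
# Stand-in model, not Zope/CMF code: permission names, classes and the
# check_permission() helper are assumptions made for this example.
from dataclasses import dataclass, field

class Unauthorized(Exception):
    pass

@dataclass
class User:
    name: str
    permissions: set  # permissions this user holds on the folder

@dataclass
class Folder:
    items: dict = field(default_factory=dict)

def check_permission(user, permission):
    """Stand-in for the framework's checkPermission call."""
    return permission in user.permissions

class FolderContentsView:
    """Trusted code: only VIEW_PERMISSION is checked when the view is published."""
    VIEW_PERMISSION = "List folder contents"
    ACTIONS = {"delete": "Delete objects", "rename": "Rename objects"}

    def __init__(self, folder, user):
        self.folder, self.user = folder, user

    def _require(self, action):
        if not check_permission(self.user, self.ACTIONS[action]):
            raise Unauthorized(f"{self.user.name} may not {action}")

    def available_actions(self):
        # Decides which buttons the form shows to this user.
        return sorted(a for a, p in self.ACTIONS.items()
                      if check_permission(self.user, p))

    def delete(self, ids):
        self._require("delete")  # explicit check: nothing else enforces it here
        for i in ids:
            del self.folder.items[i]

    def rename(self, old, new):
        self._require("rename")
        self.folder.items[new] = self.folder.items.pop(old)

def render(folder, user):
    """Simulates publishing: one permission check covers the whole view."""
    if not check_permission(user, FolderContentsView.VIEW_PERMISSION):
        raise Unauthorized(f"{user.name} may not view folder contents")
    return FolderContentsView(folder, user)
```

Hiding a button through `available_actions()` is presentation only; the check inside `delete()` and `rename()` is what stops a user who submits the form action directly.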
