Re: [Zope-dev] Security Strangeness
Johan Carlsson wrote: > First, you can't delegate the permissionto add and delete user except > by assigning the user the role "manager". > IMHO this is to limiting. > Second, if you give a user the permission to Change Persmissions, that > user can change permissions that she doesn't have the right to manage > in the first place. In that way she can upgrade here permissions. > That's no good. This is a little inflexible isn't it? Chuck it in the collector I guess... :S cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
[Zope-dev] Security Strangeness
Hi all, I notised some strange behavior in the way Zope User Folders works. First, you can't delegate the permissionto add and delete user except by assigning the user the role "manager". IMHO this is to limiting. Second, if you give a user the permission to Change Persmissions, that user can change permissions that she doesn't have the right to manage in the first place. In that way she can upgrade here permissions. That's no good. Best Regards, Johan Carlsson ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )