Itamar Shtull-Trauring wrote:
> > Another simpler solution is to make all the pages unowned, make new
> > pages unowned, and make them remain unowned even when edited.
>
> I think "unowned" in 2.2 is the like the 2.1 behaviour - executes at the
> privilige level of the viewer.
:(
I'd prefer it
Steve Alexander wrote:
> Another simpler solution is to make all the pages unowned, make new
> pages unowned, and make them remain unowned even when edited.
I think "unowned" in 2.2 is the like the 2.1 behaviour - executes at the
privilige level of the viewer.
--
Itamar S.T. [EMAIL PROTECTED]
Steve Alexander wrote:
> When I write a product that allows users to edit executable content, I
> have an extra responsibility to collaborate with the new security model.
> As a general princliple, executable content should never be editable by
> users with lower permissions than the owner of the
KevinL wrote:
>
> > Steve Alexander wrote:
> > However... the zope security system could help with this. Here's an ill
> > thought out idea for your consideration :-)
> >
> > Have a function that takes two sets of permissions, and returns the
> > intersection of these sets. Then, use some sort of
Steve Alexander wrote:
> > The problem with applying this principle in Zope is that the roles and
> > permissions system is very expressive, and it is complex to know when
> > one user has lower permissions than another.
>
> However... the zope security system could help with this. Here's an ill
> Steve Alexander wrote:
> However... the zope security system could help with this. Here's an ill
> thought out idea for your consideration :-)
>
> Have a function that takes two sets of permissions, and returns the
> intersection of these sets. Then, use some sort of local permissions
> combina
Steve Alexander wrote:
>
> When I write a product that allows users to edit executable content, I
> have an extra responsibility to collaborate with the new security model.
>
> I reckon that it is up to the ZWiki product to change ownership
> appropriately if the page is edited. The zope securit
> Chris Withers wrote:
> > Paul comes along to read the new ZWiki page, and IIUC, inadvertently
> > executes DEE and deletes everything, everywhere, because he is a
> > manager, and Jim (still the owner) is a manager and so DEE executes.
> >
> > Have I missed something?
>
> When I write a produc
Chris Withers wrote:
>
> Hi,
>
> This comes from a chat on #zope and some worries I've had since the
> server side issue was raised.
>
> Unless I'm mistaken, the new security model doesn't solve the issue
> because ownership isn't changed by editing.
>
> Lets take the example of a ZWiki page w
Hi,
This comes from a chat on #zope and some worries I've had since the
server side issue was raised.
Unless I'm mistaken, the new security model doesn't solve the issue
because ownership isn't changed by editing.
Lets take the example of a ZWiki page which executes any DTML in its
contents whe
10 matches
Mail list logo
