Tres Seaver wrote at 2005-11-22 16:51 -0500:
> ...
>The actual problem here is a confusion of "authorization" with
>"containment constraints": the CopySupport code is using a single check
>to test both, which makes it impossible to do the Right Thing (TM):
>either the proxy roles should be taken into account, in which case the
>containment constraint may be violated, or they shouldn't, in which case
>a proxy-role-granted script cannot be used to perform a "controlled"
>paste which would otherwise not be authorized.

Not sure that I follow you:

In my view, "all_meta_types" can be used to enforce
"containment constraints". "CopySupport" handles this
in a perfect fashion.

After this "containment constraints" check, it checks
that the copying/moving/renaming user has the right to add
the object in the destination folder (in fact, it checks that
the creating action can be traversed to, which is a bit different
and fails when the action contains a query string).
Modern versions take proxy roles into account.

The problem is that trusted code lacks a means to set proxy roles --
thus, it cannot do what untrusted code with appropriate proxy roles can.

--
Dieter
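
The two-stage check described in the reply above, as an added example that is not part of the thread and is not Zope's CopySupport code: a simplified model in which the containment constraint and the authorization check are separate, so proxy roles can change only the second. The `Folder` class, the function names and the sample roles and permissions are all hypothetical.

```python
# Simplified model (not Zope's code): containment and authorization as two
# independent checks, so proxy roles can affect only the second one.
from dataclasses import dataclass, field


@dataclass
class Folder:
    # Constructed stand-in for all_meta_types: meta_type -> add permission
    addable: dict
    # Constructed mapping: permission -> roles that hold it in this folder
    permission_roles: dict = field(default_factory=dict)


def containment_ok(folder, meta_type):
    """Containment constraint: is this meta_type listed as addable here?"""
    return meta_type in folder.addable


def authorized(folder, meta_type, user_roles, proxy_roles=None):
    """Authorization: may the caller add this type? When the executing
    script carries proxy roles, they replace the user's roles here."""
    effective = set(user_roles if proxy_roles is None else proxy_roles)
    needed = folder.permission_roles.get(folder.addable[meta_type], set())
    return bool(effective & needed)


def verify_paste(folder, meta_type, user_roles, proxy_roles=None):
    """Return 'ok', 'not-addable' or 'unauthorized'; containment runs first,
    so no set of roles can override it."""
    if not containment_ok(folder, meta_type):
        return "not-addable"
    if not authorized(folder, meta_type, user_roles, proxy_roles):
        return "unauthorized"
    return "ok"


# Constructed sample data: only Documents may be added, and only by Manager.
docs = Folder(
    addable={"Document": "Add Documents"},
    permission_roles={"Add Documents": {"Manager"}},
)

if __name__ == "__main__":
    print(verify_paste(docs, "Document", ["Member"]))
    print(verify_paste(docs, "Document", ["Member"], proxy_roles=["Manager"]))
    print(verify_paste(docs, "Image", ["Member"], proxy_roles=["Manager"]))
```

A caller with no way to supply `proxy_roles` is evaluated on the user's own roles, which is the position the reply describes for trusted code.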