> Steve Alexander wrote:
> However... the zope security system could help with this. Here's an ill
> thought out idea for your consideration :-)
> Have a function that takes two sets of permissions, and returns the
> intersection of these sets. Then, use some sort of local permissions
> combination to make the wiki page that's been edited have the resultant
> lowest-common-denominator permissions, even for the owner.
Correct me if I'm wrong, but wouldn't this have the same problem? Person of
high access makes zwiki, person of low access adds evil function to it, person
of high access views it - unless you're tracking "smallest set of privileges
held by anyone editing this page" at all times, you're going to intersect
owner with creator and still allow editor to trojan.
Is that the essential problem, or should I be quiet and go away? (or both? ;)
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -