Just doing Squishdot for 2.2 when I noticed the following:

The SquishSite class has a method called item_count() which is used on
one of the management pages. It currently isn't protected by any
permissions or __roles__ and yet it still works fine on the management
screen concerned.

I thought this sort of thing was supposed to throw up an unauthorized
error in 2.2?



PS: It is now protected by a permission, but I can send anyone who cares
a version which isn't...

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to