Toby Dickenson wrote:
> Firstly, I assume your management page is a dtml file on disk, not a
> dtml object stored in the ZODB. dtml files bypass *all* security
> checks.

That's nice :(

> Secondly, all objects that inherit from OFS.Item.SimpleItem (that is,
> almost all high level objects) have the
> __allow_access_to_unprotected_subobjects__ flag set. Your method would
> be callable from through-the-web dtml too.

Even though it now has a permission attached to it?



Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to