Toby Dickenson wrote:
> Firstly, I assume your management page is a dtml file on disk, not a
> dtml object stored in the ZODB. dtml files bypass *all* security
That's nice :(
> Secondly, all objects that inherit from OFS.Item.SimpleItem (that is,
> almost all high level objects) have the
> __allow_access_to_unprotected_subobjects__ flag set. Your method would
> be callable from through-the-web dtml too.
Even though it now has a permission attached to it?
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -