Toby Dickenson wrote:
> Firstly, I assume your management page is a dtml file on disk, not a
> dtml object stored in the ZODB. dtml files bypass *all* security
> checks.
That's nice :(
> Secondly, all objects that inherit from OFS.Item.SimpleItem (that is,
> almost all high level objects) have the
> __allow_access_to_unprotected_subobjects__ flag set. Your method would
> be callable from through-the-web dtml too.
Even though it now has a permission attached to it?
cheers,
Chris
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )