Shane Hathaway wrote at 2003-6-10 10:15 -0400: > Brian Lloyd wrote: > > FYI - we plan for this to be fixed in 2.6.2, preferably by fixing > > the version machinery to require the "join / leave versions" > > permission (which is assigned only to managers by default. > > It will be interesting to find out how this can be accomplished. To use > a version, you have to specify the version at the time of opening the > database. Before opening the database, the application has no access to > user accounts, let alone security settings.
Let it open the version, perform the traversal and after authentication, check that it was justified. If not, abort the request. Dieter _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )