Shane Hathaway wrote at 2003-6-10 10:15 -0400:
 > Brian Lloyd wrote:
 > > FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
 > > the version machinery to require the "join / leave versions"
 > > permission (which is assigned only to managers by default.
 > It will be interesting to find out how this can be accomplished.  To use 
 > a version, you have to specify the version at the time of opening the 
 > database.  Before opening the database, the application has no access to 
 > user accounts, let alone security settings.

Let it open the version, perform the traversal and
after authentication, check that it was justified.
If not, abort the request.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to