On Monday 09 June 2008, Daniel Blackburn wrote:
> It seems that there either may be an issue with Zope security or I do
> not understand it properly. Please let me know what you guys think.
>
> Let's say we have a principal with no direct permissions or roles
> assigned to see a view index.html. The principal has two groups,
> group1 and group2. group1 allows the principal to see index.html and
> group2 denies access to index.html. It seems to me that in this
> situation of conflicting permissions a deny permission should result
> for the principal to the index view. However it does not, the
> permission will be digested into allowing the principal to have access
> to the view. Is this the desired behavior, or just simply overlooked.
> I looked in the doctests and did not see anything like this. Any
> feedback would be appreciated.

I would expect the order of the groups to matter and simply the setting that
is found last wins. This is a third possible behavior that mimics Python's
inheritance behavior.

Regards,
Stephan
--
Stephan Richter
Web Software Design, Development and Training
Google me. "Zope Stephan Richter"
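
The three outcomes named in this thread (deny wins, allow wins, last group wins), run over the group1/group2 conflict from the question; this is an added toy model, not Zope code and not written by either poster. The permission name `demo.ViewIndex`, the explicit group ordering and the fail-closed result when no group has a setting are assumptions of the model.

```python
from enum import Enum


class Setting(Enum):
    ALLOW = "Allow"
    DENY = "Deny"
    UNSET = "Unset"


def explicit_settings(groups, grants, permission):
    """Return the Allow/Deny settings found for `permission`, in group order."""
    found = (grants.get((g, permission), Setting.UNSET) for g in groups)
    return [s for s in found if s is not Setting.UNSET]


def deny_wins(groups, grants, permission):
    # Any Deny vetoes; at least one Allow is still required (assumed fail-closed).
    s = explicit_settings(groups, grants, permission)
    return bool(s) and Setting.DENY not in s


def allow_wins(groups, grants, permission):
    # A single Allow in any group is enough, regardless of Deny elsewhere.
    return Setting.ALLOW in explicit_settings(groups, grants, permission)


def last_wins(groups, grants, permission):
    # The last group with an explicit setting decides, so order matters.
    s = explicit_settings(groups, grants, permission)
    return bool(s) and s[-1] is Setting.ALLOW


POLICIES = {"deny_wins": deny_wins, "allow_wins": allow_wins, "last_wins": last_wins}


def compare(groups, grants, permission):
    """Evaluate every policy on the same input so the differences are visible."""
    return {name: fn(groups, grants, permission) for name, fn in POLICIES.items()}


# Constructed sample mirroring the question: group1 allows, group2 denies.
PERM = "demo.ViewIndex"  # hypothetical permission id guarding index.html
GRANTS = {("group1", PERM): Setting.ALLOW, ("group2", PERM): Setting.DENY}

if __name__ == "__main__":
    for order in (["group1", "group2"], ["group2", "group1"]):
        print(order, compare(order, GRANTS, PERM))
```

Under last-wins, reversing the group order flips the decision, so the ordering itself becomes security-relevant state that has to be reviewed along with the grants.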
