On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+li...@gmail.com> wrote: >> Ideally I'd love to add support for the permission attribute, as >> clearly people have been using it. But if there's nobody who can >> figure out how to do that, I'd at least like to clarify the add view >> case. > > Why can't we just copy the relevant code from the browser:page directive? > > The ViewSecurityGrokker in > http://svn.zope.org/five.grok/trunk/src/five/grok/meta.py?rev=112163&view=auto > may be useful reading too. It should be doing the same thing, no?
It seems you have some idea about this code, so are you volunteering to implement this? Since we are dealing with a disclosed real security vulnerability here, I need to have some resolution by next Tuesday. Either that is disabling the functionality or protecting it with some security. Hanno _______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org https://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - https://mail.zope.org/mailman/listinfo/zope-announce https://mail.zope.org/mailman/listinfo/zope )