On 9 July 2010 16:12, Hanno Schlichting <ha...@hannosch.eu> wrote:
> On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+li...@gmail.com> 
> wrote:
>>> Ideally I'd love to add support for the permission attribute, as
>>> clearly people have been using it. But if there's nobody who can
>>> figure out how to do that, I'd at least like to clarify the add view
>>> case.
>> Why can't we just copy the relevant code from the browser:page directive?
>> The ViewSecurityGrokker in
>> http://svn.zope.org/five.grok/trunk/src/five/grok/meta.py?rev=112163&view=auto
>> may be useful reading too. It should be doing the same thing, no?
> It seems you have some idea about this code, so are you volunteering
> to implement this?

Possibly. I have client work that has to take priority right now.

> Since we are dealing with a disclosed real security vulnerability
> here, I need to have some resolution by next Tuesday. Either that is
> disabling the functionality or protecting it with some security.

I'd appreciate it if someone who's getting more than four hours of
sleep a night at the moment takes a stab. I'm happy to review/assist.

Zope-Dev maillist  -  Zope-Dev@zope.org
**  No cross posts or HTML encoding!  **
(Related lists - 
 https://mail.zope.org/mailman/listinfo/zope )

Reply via email to