On 9 July 2010 16:12, Hanno Schlichting <ha...@hannosch.eu> wrote:
> On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+li...@gmail.com>
>>> Ideally I'd love to add support for the permission attribute, as
>>> clearly people have been using it. But if there's nobody who can
>>> figure out how to do that, I'd at least like to clarify the add view
>> Why can't we just copy the relevant code from the browser:page directive?
>> The ViewSecurityGrokker in
>> may be useful reading too. It should be doing the same thing, no?
> It seems you have some idea about this code, so are you volunteering
> to implement this?
Possibly. I have client work that has to take priority right now.
> Since we are dealing with a disclosed real security vulnerability
> here, I need to have some resolution by next Tuesday. Either that is
> disabling the functionality or protecting it with some security.
I'd appreciate it if someone who's getting more than four hours of
sleep a night at the moment takes a stab. I'm happy to review/assist.
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -