By referring to 1.10 I did not intend to create the impression that I am very experienced. I am still just an average user and happy with that. But consider this use case:
f1 (folder, acquisition of view permission disabled, and granted again to all roles except Anonymous)
    f1_index (dtml-method)
    f11 (folder)
        acl_users (user folder)
            user1 (user object with user defined 'student' role)
        index_html (dtml-method calling f1_index)
When calling .../f1/f11 and authenticating as user1 in Zope 2.7.3, you will
get the page, but in 2.7.8 you are not authorized.
I have attached an export file with this setup. If you'd like to try, just
give user1 a password of your liking and see for yourself.
More importantly, however, how would one go about making available objects
shared by many subfolders each with its own group of users?
cb
----- Original Message -----
From: "Lennart Regebro" <[EMAIL PROTECTED]>
To: "Kees de Brabander" <[EMAIL PROTECTED]>
Cc: "David" <[EMAIL PROTECTED]>; "zope user list" <[email protected]>
Sent: Saturday, February 11, 2006 12:09 PM
Subject: Re: [Zope] Zope and roles and hierarchy
On 2/11/06, Kees de Brabander <[EMAIL PROTECTED]> wrote:
> Unaware of any security risks I used this "feature" from zope 1.10.x on and
> regularly upgrading my applications I had no problems until zope 2.7.8
Admittedly, I didn't use 1.10, I only discovered Zope two months
later, with 2.0.1. And I don't remember those details that far back.
But at least in 2.4.0, this code was called when you did
user.allowed():
[...]
And hence, you can't have done this after Zope 2.4.0. So I still think
you are talking about something else.
--
Lennart Regebro, Nuxeo http://www.nuxeo.com/
CPS Content Management http://www.cps-project.org/
f1.zexp
Description: Binary data
