21 Aug
2000
21 Aug
'00
12:54 p.m.
Toby Dickenson wrote:
Firstly, I assume your management page is a dtml file on disk, not a dtml object stored in the ZODB. dtml files bypass *all* security checks.
That's nice :(
Secondly, all objects that inherit from OFS.Item.SimpleItem (that is, almost all high level objects) have the __allow_access_to_unprotected_subobjects__ flag set. Your method would be callable from through-the-web dtml too.
Even though it now has a permission attached to it? cheers, Chris