13 Jan
2006
13 Jan
'06
7:22 p.m.
We are running Zope 2.6.x and I noticed yesterday that I could do the following: acl_users = container.acl_users user = acl_users.getUser('test_user') request.set('AUTHENTICATED_USER',user) print request.AUTHENTICATED_USER.getUserName() This isn't a huge deal since it doesn't seem to change the permissions available to the user. But many of our scripts rely on AUTHENTICATED_USER.getUserName() to return the actual logged in user. Is this addressed in later versions of Zope? Is there a better way to get the current user's user name? We allow untrusted developers on our Zope server and this may allow them to exploit certain systems. -Brian