Tres Seaver wrote at 2005-11-22 16:51 -0500:
... The actual problem here is a confusion of "authorization" with "containment constraints": the CopySupport code is using a single check to test both, which makes it impossible to do the Right Thing (TM): either the proxy roles should be taken into account, in which case the containment constraint may be violated, or they shouldn't, in which case a proxy-role-granted script cannot be used to perform a "controlled" paste which would otherwise not be authorized.
Not sure that I follow you: In my view, "all_meta_types" can be used to enforce "containment constraints". "CopySupport" handles this in a perfect fashion. After this "containment constraints" check, it checks that the copying/moving/renaming user has the right to add the object in the destination folder (in fact, it checks that the creating action can be traversed to, which is a bit different and fails when the action contains a query string). Modern versions take proxy roles into account. The problem is that trusted code lacks a means to set proxy roles -- thus, it cannot do what untrusted code with appropriate proxy roles can.

-- Dieter