On Tue, 5 Sep 2000, ethan mindlace fremen wrote:
Now every object executes according to the permission of the owner, *not* the viewer. It can also run as a proxy role. The super-bootstrap-user lives outside of "normal" zope authentication & has permission to do anything save that which NotEvenGodShouldDo. Therefore, it shouldn't own objects.
Methods actually now execute with the effective intersection of the permissions granted to the AUTHENTICATED_USER and the permissions granted to the method's owner. If a proxy role is specified, the method executes with permissions restricted to those roles assigned by the proxy role. This is unarguably a good thing. What's not entirely clear is *why* super can't own, which is a separate issue. The power it has beyond that of a normal management user is the ability to traverse the site unrestricted by the security machinery. I actually don't think there's an answer to this question that has to do with method execution. I think the ultimate answer is one or a few of the following: "because," "shrug," "for audit trail purposes," or "so you don't shoot yourself in the foot," or "be quiet." :-) Alternately, the answer might lie in an unobvious implementation detail that none of us really want to think about.
This is *quite* important, and needs to stay. I don't know how to emphasize enough that this is a well thought out correction to an extremely deadly class of security problems that still (afaik) plagues many "other" through-the-web management systems.
I just can't think of any situations where having a method execute with the effective intersection of the permissions granted to superuser and the permissions granted to another user would cause more damage than a method executing with the effective intersection of the permissions granted to a normal management user and another user. Can you?
The newbie pain, however, could probably be mitigated - don't call it a Super user, since it hardly deserves the S or the cape. Have a user in the default install. Something like that.
I agree. This should happen soon.
Chris McDonough
Digital Creations, Publishers of Zope
http://www.zope.org
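The execution rule discussed in this message, as an added example that is not part of the original e-mail and is not Zope's own code: a simplified Python model in which a method runs with the intersection of the viewer's and the owner's permissions, or with only the proxy role's permissions when one is set. The role table, permission names and function names are constructed for illustration.

```python
# Simplified model of the rule described in the message above.
# ROLE_PERMISSIONS and all function names are constructed for illustration;
# this is not Zope's security machinery.

ROLE_PERMISSIONS = {
    "Anonymous": {"View"},
    "Author": {"View", "Change DTML Methods"},
    "Manager": {"View", "Change DTML Methods", "Manage users", "Delete objects"},
}


def permissions_for(roles):
    """Union of the permissions granted to each role in `roles`."""
    granted = set()
    for role in roles:
        granted |= ROLE_PERMISSIONS.get(role, set())
    return granted


def effective_permissions(viewer_roles, owner_roles, proxy_roles=None):
    """Permissions a method executes with.

    No proxy role: intersection of what the authenticated viewer holds
    and what the method's owner holds.
    Proxy role set: restricted to the permissions of the proxy roles.
    """
    if proxy_roles:
        return permissions_for(proxy_roles)
    return permissions_for(viewer_roles) & permissions_for(owner_roles)


def may_execute(needed, viewer_roles, owner_roles, proxy_roles=None):
    """True if every permission in `needed` is in the effective set."""
    allowed = effective_permissions(viewer_roles, owner_roles, proxy_roles)
    return set(needed) <= allowed


if __name__ == "__main__":
    # A Manager views a method owned by an Author: the Manager's extra
    # permissions are not lent to the Author's code.
    print(sorted(effective_permissions(["Manager"], ["Author"])))
    print(may_execute(["Manage users"], ["Manager"], ["Author"]))
    # An Anonymous visitor views a Manager-owned method: still only "View".
    print(sorted(effective_permissions(["Anonymous"], ["Manager"])))
    # A proxy role narrows the method regardless of viewer and owner.
    print(sorted(effective_permissions(["Manager"], ["Manager"], ["Anonymous"])))
```
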