31 Jan
2002
31 Jan
'02
5:36 p.m.
Something I'd like to figure out when I have time is, why does the security machinery fail in such ways when the object is not owned by a valid user ? The effective roles are the intersection of the current user's roles and the one of the executing object's owner. This is explained in the Zope Security documentation (--> zope.org).
Ah, ok, I found the reason. Here it is for others interested: http://www.zope.org//Members/jim/ZopeSecurity/ServerSideTrojan The notion of owner was introduced in Zope 2.2 just for this. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com