[BUG] "AccessControl.User.BasicUser.has_permission" is broken (was: Re: [Zope] how can I enforce my own Delete permission)

robert wrote at 2003-6-29 08:53 +0200:

... changing to tuples did not help. In fact whatever I do, setting permissions or not, any user (with no role at all) does have the permission set. the script: u = context.acl_users.getUserById('ldf01') return u.has_permission('Delete ZehnderRequests', context['Ticket.2003-06-28.2211'])

always returns 1

any more hints ?

"AccessControl.User.BasicUser.has_permission" is broken. It uses the currently authenticated user and ignores its "self". Who did implement that :-(( Please file a bug report... Use "has_role" instead: u.has_role('Delete ZehnderRequests',context['Ticket.2003-06-28.2211'])

robert

Dieter