It looks strange to me too. Please report this in the Collector, http://collector.zope.org/Zope Florent Maik Jablonski <maik.jablonski@uni-bielefeld.de> wrote:
I played with the following code in a dtml-method to check if a user has a certain permission (e.g. "Manage Properties"):
<dtml-var "_.SecurityGetUser().has_permission('Manage Properties',this())">
This results in 1 if the User has the permission or None if not... everything is fine so far.
But when I do check for a nonexisting permission, like:
<dtml-var "_.SecurityGetUser().has_permission('Really Unknown PermisionXXX',this())">
the result would be 1 too... What is the reason for this SecurityPolicy? Why not an exception? Or 0?
thank you for advice
Maik Jablonski. -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com