I forget if I submitted a collector issue about this before, but I didn't see it. I just posted one at <http://www.zope.org/Collectors/CMF/396>: Title: PortalFolder.py _verifyObjectPaste ignores executable security Version info: CMF 1.5.4 but also in trunk _verifyObjectPaste calls "sm.checkPermission(permission_name,self)" rather than "_checkPermission(permission_name,self)" This makes it ignore executable security. So, if _verifyObjectPaste is in an external method or in a script with sufficient proxy roles, it raises an Unauthorized error for users when the external method / proxy role security should suffice. On 9/9/05, Dieter Maurer <dieter@handshake.de> wrote:

George Lee wrote at 2005-9-8 23:57 -0400:

...

... Is it okay to just replace sm.checkPermission with _checkPermission from CMFCore.utils or is that not okay?

Yes. But, please file a bug report as well.

...

Also Dieter I noticed that Alan Runyan and you briefly discussed this issue back in 2002: http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html

Any internal use should always take executable security (i.e. executable ownership and proxy roles) into account. Not doing so is a but, as things expected to be possible are not and (maybe even worse) things expected to be impossible may be possible.

There may be a need for application code to check the permissions of the user with proxy roles not taken into account.

E.g. a script that must use a "Manager" roles to do one thing but does not want to do another unless the current user has specific permissions.

For this case, there also should be a method checking permissions with proxy roles not taken into account.

-- Dieter