[Zope-CMF] declarative security bug?
seb bacon
seb@jamkit.com
Tue, 24 Jul 2001 20:43:01 +0100
Hi,
I think I've found a security bug, but it might be something unique to
my setup. However, I'm in a real mad dash this week so I haven't time
to check it in a vanilla install.
Why does this print "Manager"
security.declareProtected(AddPortalContent, 'parper')
def parper(self):
'parp'
print self.portal_membership.getAuthenticatedMember()
But this prints "Anonymous User"
security.declarePublic('parper')
def parper(self):
'parp'
print self.portal_membership.getAuthenticatedMember()
?
This is in a specialised Folder which subclasses PortalFolder, using
Zope 2.3.2 and CMF 1.1.
seb