[Zope-CMF] declarative security bug?
seb bacon
seb@jamkit.com
Wed, 25 Jul 2001 10:30:48 +0100
* Shane Hathaway <shane@digicool.com> [010724 22:32]:
> Jens Vagelpohl wrote:
> > it's actually not a bug but intended behavior which we might re-think
> > since quite a few people stumble over it and its side effects.
>
> FYI We have taken the initiative and removed this quirk starting with
> Zope 2.4.0. It was an optimization so rarely used that it really did no
> good (and got people confused!)
That's good :-) There's legitimate reasons why you might want to access
the AuthenticatedUser in a declaredPublic method. For example, I made
invokeFactory public because I wanted to defer the decision about
what a user is allowed to add to the factories themselves.
seb