[Zope-CMF] declarative security bug?

[seb bacon]

* Shane Hathaway <shane@digicool.com> [010724 22:32]:
> Jens Vagelpohl wrote:
> > it's actually not a bug but intended behavior which we might re-think
> > since quite a few people stumble over it and its side effects.
> 
> FYI We have taken the initiative and removed this quirk starting with
> Zope 2.4.0.  It was an optimization so rarely used that it really did no
> good (and got people confused!)

That's good :-) There's legitimate reasons why you might want to access
the AuthenticatedUser in a declaredPublic method.  For example, I made 
invokeFactory public because I wanted to defer the decision about
what a user is allowed to add to the factories themselves.  

seb