Re[2]: [Zope-CMF] Permission problem with type actions
Rainer Thaden
Rainer Thaden <thadi@gmx.de>
Thu, 10 Jul 2003 09:37:05 +0200
Hi Dieter,
DM> Rainer Thaden wrote at 2003-7-9 16:20 +0200:
DM> > i have some Filesystem based classes in CMF which have a View, edit
DM> > form and edit action.
DM> > When an instance of such a class is private and i try to access the
DM> > url of the instance as anonymous i get a login prompt.
DM> > But when i append the name of the action (etc. url/edit_form) i can
DM> > access it as anonymous.
DM> You probably hit a security hole...
I tested this with a private document on cmf.zope.org.
You can access http://cmf.zope.org/Members/rthaden/test/document_view
but not http://cmf.zope.org/Members/rthaden/test
So it's not a problem of my site.
DM> Please file a bug report.
Hm, never did this.
I found the collector.zope.org site. It seems there's no special
collector for CMF, right?
I'll try to file it in the collector.
--
Regards,
Rainer mailto:thadi@gmx.de