[ZCM] [ZC] 526/ 7 Resolve "anonymous users can sometimes view historical revisions without View History or View management screens permissions"

Collector: Zope Bugs, Features, and Patches ... zope-coders-admin at zope.org
Sun Aug 8 04:23:37 EDT 2004 

Issue #526 Update (Resolve) "anonymous users can sometimes view historical revisions without View History or View management screens permissions"
 Status Resolved, Zope/bug medium
To followup, visit:
  http://zope.org/Collectors/Zope/526

==============================================================
= Resolve - Entry #7 by jens on Aug 8, 2004 4:23 am

 Status: Deferred => Resolved

Sounds good!

________________________________________
= Comment - Entry #6 by simon on Aug 7, 2004 5:11 pm

I just tried this again with Zope 2.7.0 and could not reproduce, so I'd close this. Thanks for checking.
________________________________________
= Defer - Entry #5 by chrisw on Jul 30, 2004 10:18 am

 Status: Pending => Deferred

Simon, can you still reproduce this?

I'd be suprised and would like to mak this issue as Resolved or Rejected atthe next bug day. Pleasse tell me which I should go for :-)
________________________________________
= Comment - Entry #4 by simon on Aug 18, 2002 1:39 am

In 511, the url ends in manage_workspace.
________________________________________
= Comment - Entry #3 by simon on Aug 17, 2002 4:20 pm

Let me clarify "sometimes": last time I tried this, which happened to be on zope 2.5.0, I found there was no permission that allowed anonymous to view a historical revision. 

Now I'm doing the same thing after an upgrade to zope 2.5.1 and finding that denying View History & View manage screens permissions does not prevent anonymous from viewing a revision.
Here's the example I'm looking at:
http://zwiki.org/FastChanges/HistoricalRevisions/838.54904.50933.61687/manage_main

________________________________________
= Comment - Entry #2 by simon on Aug 17, 2002 4:13 pm

Note different zope version, if this is real.
________________________________________
= Request - Entry #1 by simon on Aug 17, 2002 4:09 pm

Bizarre. Seems to be the reverse of http://collector.zope.org/Zope/511 .

==============================================================

More information about the Zope-Collector-Monitor mailing list