[ZCM] [ZC] 1182/ 2 Resolve "security.setDefaultAccess crippled"
Collector: Zope Bugs, Features,
and Patches ...
zope-coders-admin at zope.org
Mon Jan 19 13:56:38 EST 2004
Issue #1182 Update (Resolve) "security.setDefaultAccess crippled"
Status Resolved, Zope/bug critical
To followup, visit:
http://collector.zope.org/Zope/1182
==============================================================
= Resolve - Entry #2 by jim on Jan 19, 2004 1:56 pm
Status: Pending => Resolved
I have reverted the changes to pass None rather than item keys.
Note that in the future (Zope 2.9) we will not support
distinguishing access based on mapping or sequence keys or indexes.
________________________________________
= Request - Entry #1 by Zen on Jan 14, 2004 9:59 pm
Uploaded: "AccessEg.py"
- http://collector.zope.org/Zope/1182/AccessEg.py/view
Before Zope 2.7.0 b4, products could use SecurityInfo.setDefaultAccess to set an access
control method. In beta 4, the 'name' parameter is being lost. This seems to be because
in a number of places (ZopeGuards.py line 70, PageTemplates/Expressions.py) the validate
method is being called with None passed as the 'name' parameter. This seems to be an explicit
change made as part of the recent security audit, but I can't find a change notice or comment
mentioning this.
I've attached an example product that triggers this issue.
==============================================================
More information about the Zope-Collector-Monitor
mailing list