small summary and big plea was:(Re: [Zope-dev] Versions: should
they die?)
Dieter Maurer
dieter@handshake.de
Tue, 10 Jun 2003 19:31:11 +0200
Shane Hathaway wrote at 2003-6-10 10:15 -0400:
> Brian Lloyd wrote:
> > FYI - we plan for this to be fixed in 2.6.2, preferably by fixing
> > the version machinery to require the "join / leave versions"
> > permission (which is assigned only to managers by default.
>
> It will be interesting to find out how this can be accomplished. To use
> a version, you have to specify the version at the time of opening the
> database. Before opening the database, the application has no access to
> user accounts, let alone security settings.
Let it open the version, perform the traversal and
after authentication, check that it was justified.
If not, abort the request.
Dieter