[Zope-dev] [zope2] Help needed with security checks and add views
Hanno Schlichting
hanno at hannosch.eu
Fri Jul 9 04:12:22 EDT 2010
On Thu, Jul 8, 2010 at 3:02 PM, Martin Aspeli <optilude+lists at gmail.com> wrote:
>> Ideally I'd love to add support for the permission attribute, as
>> clearly people have been using it. But if there's nobody who can
>> figure out how to do that, I'd at least like to clarify the add view
>> case.
>
> Why can't we just copy the relevant code from the browser:page directive?
>
> The ViewSecurityGrokker in
> http://svn.zope.org/five.grok/trunk/src/five/grok/meta.py?rev=112163&view=auto
> may be useful reading too. It should be doing the same thing, no?
It seems you have some idea about this code, so are you volunteering
to implement this?
Since we are dealing with a disclosed real security vulnerability
here, I need to have some resolution by next Tuesday. Either that is
disabling the functionality or protecting it with some security.
Hanno
More information about the Zope-Dev
mailing list