[Zope-PAS] PropertiedUser role checking
Wichert Akkerman
wichert at wiggy.net
Fri Apr 21 04:26:49 EDT 2006
(I can't find any link to the issue tracker at
http://www.zope.org/Products/PluggableAuthService so I'll just post this
here)
looking at the allowed method for PropertiedUser there are a few
possible return values:
1 - one of the allowed roles is allowed
0 - object is outside the acquisition context of the user, so abort
further checks
None - none of the allowed roles is found
then handling of 0 versus None seems confused: when checking for roles
None is returned if the object is outside the acquisition context, but
when checking local roles 0 is returned. Shouldn't 0 be returned in both
places?
Wichert.
--
Wichert Akkerman <wichert at wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
More information about the Zope-PAS
mailing list