[BUG] "AccessControl.User.BasicUser.has_permission" is broken (was: Re: [Zope] how can I enforce my own Delete permission)
Dieter Maurer
dieter@handshake.de
Sun, 29 Jun 2003 20:22:47 +0200
robert wrote at 2003-6-29 08:53 +0200:
> ...
> changing to tuples did not help.
> In fact whatever I do, setting permissions or not, any user (with no role at
> all) does have the permission set.
> the script:
> u = context.acl_users.getUserById('ldf01')
> return u.has_permission('Delete ZehnderRequests',
> context['Ticket.2003-06-28.2211'])
>
> always returns 1
>
> any more hints ?
"AccessControl.User.BasicUser.has_permission" is broken.
It uses the currently authenticated user and
ignores its "self". Who did implement that :-((
Please file a bug report...
Use "has_role" instead:
u.has_role('Delete ZehnderRequests',context['Ticket.2003-06-28.2211'])
> robert
>
>
Dieter