[Zope] Re: Re: Blocking Sibling inheritance

Dieter Maurer dieter at handshake.de
Wed Mar 9 13:23:53 EST 2005


Malcolm Cleaton wrote at 2005-3-9 10:59 +0000:
>The issue can be worked around more easily than this. It is only the magic
>"Authenticated" role which appears to suffer from this problem.

It should not be necessary:

   A user should not be able to access any *protected* (!) object
   outside the subhierarchy governed by the user folder
   that authenticated the user.

But maybe, we have a bug (and "aq_inContextOf" does not work
as expected).

-- 
Dieter


More information about the Zope mailing list