[Zope] Re: Giving access to error_log.showEntry to non-Manager users
Tres Seaver
tseaver at palladion.com
Tue Jan 16 14:21:34 EST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dieter Maurer wrote:
> Andreas Jung wrote at 2007-1-15 11:35 +0100:
>>
>> --On 15. Januar 2007 11:26:27 +0100 martin.gfeller at comit.ch wrote:
>>> The actual access error is on 'manage_page_header' - I append the error
>>> traceback.
>>>
>> Stuff that starts with 'manage_' always requires the Manager role.
>
> Where did you find this?
>
> In my view it is not and was never right...
> There is not special protection for objects the name of which
> starts with "manage_".
>
> A primary counter example are the hundreds of "constructors"
> registered with "initializeClass" which traditionally are
> named "manage_addXXXX[Form]" but are protected by "Add XXX permission"
> which are often not restricted to "Manager" only.
App.class_init.default__class_init__ requires 'Manager' role for methods
whose name is 'manage' and those which start with 'manage_', but only if
they were otherwise unprotected.
Tres.
- --
===================================================================
Tres Seaver +1 540-429-0999 tseaver at palladion.com
Palladion Software "Excellence by Design" http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFrSW++gerLs4ltQ4RAk71AKCGs18XZK4pHTRhzWUw6Zbq+w1s/gCeJp8/
iK8wyPgpLfqcxwLyt+0Z/KU=
=WQqR
-----END PGP SIGNATURE-----
More information about the Zope
mailing list