[Product-Developers] Re: Attribute: acl_users

Suresh V. suresh_vv at yahoo.com
Wed Mar 17 18:18:00 UTC 2010


Andreas Jung wrote:
> Suresh V. wrote:
>> Possible bug in Plone 3.3.4:
>>
>> If you had a folderish object in private state which had an 'acl_users'
>> inside it and an anonymous user attempts to browse to the object you end
>> up with "BadRequest" instead of "Unauthorized" from globalize() in
>> ploneview.py which bubbles up from getToolByName() in
>> CMFCore/PortalFolder.py.
>>
> 
> Why should a folderish object contain its own acl_users folder beside
> the one of Plone? This is bad practice.

You sure about that? I used to think that one of the wonderful things 
about Zope and Acquisition and fine-grained security and all that was to 
be able to have an acl_users anywhere in the hierarchy. Is that not 
true any more?





