[Product-Developers] Re: Attribute: acl_users

Suresh V. suresh_vv at yahoo.com
Wed Mar 17 18:18:00 UTC 2010

Andreas Jung wrote:
> Hash: SHA1
> Suresh V. wrote:
>> Possible bug in Plone 3.3.4:
>> If you had a folderish object in private state which had an 'acl_users'
>> inside it and an anonymous user attempts to browse to the object you end
>> up with "BadRequest" instead of "Unauthorized" from globalize() in
>> ploneview.py which bubbles up from getToolByName() in
>> CMFCore/PortalFolder.py.
> Why should a folderish object contain its own acl_users folder beside
> the one of Plone. This is bad-practice.

You sure about that? I used to think that one of the wonderful things 
about Zope and Acquisition and fine grained security and all that was to 
be able to have an acl_users anywhere in the hierarchy - Is that not 
true any more????

More information about the Product-Developers mailing list