[Product-Developers] Re: Attribute: acl_users
lists at zopyx.com
Wed Mar 17 18:48:32 UTC 2010
-----BEGIN PGP SIGNED MESSAGE-----
Suresh V. wrote:
> Andreas Jung wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> Suresh V. wrote:
>>> Possible bug in Plone 3.3.4:
>>> If you had a folderish object in private state which had an 'acl_users'
>>> inside it and an anonymous user attempts to browse to the object you end
>>> up with "BadRequest" instead of "Unauthorized" from globalize() in
>>> ploneview.py which bubbles up from getToolByName() in
>> Why should a folderish object contain its own acl_users folder beside
>> the one of Plone. This is bad-practice.
> You sure about that? I used to think that one of the wonderful things
> about Zope and Acquisition and fine grained security and all that was to
> be able to have an acl_users anywhere in the hierarchy - Is that not
> true any more????
We discussed that already in depth some weeks ago on the plone-users
list (read up on the subsites discussion).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 316 bytes
Desc: not available
More information about the Product-Developers