[Product-Developers] Re: Attribute: acl_users

Andreas Jung lists at zopyx.com
Wed Mar 17 18:48:32 UTC 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Suresh V. wrote:
> Andreas Jung wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Suresh V. wrote:
>>> Possible bug in Plone 3.3.4:
>>>
>>> If you had a folderish object in private state which had an 'acl_users'
>>> inside it and an anonymous user attempts to browse to the object you end
>>> up with "BadRequest" instead of "Unauthorized" from globalize() in
>>> ploneview.py which bubbles up from getToolByName() in
>>> CMFCore/PortalFolder.py.
>>>
>>
>> Why should a folderish object contain its own acl_users folder beside
>> the one of Plone. This is bad-practice.
> 
> You sure about that? I used to think that one of the wonderful things
> about Zope and Acquisition and fine grained security and all that was to
> be able to have an acl_users anywhere in the hierarchy - Is that not
> true any more????
>
We discussed that already in depth some weeks ago on the plone-users
list (read up on the subsites discussion).


- -aj
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkuhI/8ACgkQCJIWIbr9KYyNxQCdGvX/yPJSkssY6rcGRkBouQzS
jFkAoJpmOHHW2fO5vGa4Sp6c0hyEBnXp
=IwER
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: lists.vcf
Type: text/x-vcard
Size: 316 bytes
Desc: not available
URL: <http://lists.plone.org/pipermail/plone-product-developers/attachments/20100317/9d79c1e9/attachment.vcf>


More information about the Product-Developers mailing list