[Zope-Checkins] CVS: Zope/lib/python/AccessControl - Permissions.py:1.6
Shane Hathaway
shane@zope.com
Wed, 28 May 2003 10:51:13 -0400
Update of /cvs-repository/Zope/lib/python/AccessControl
In directory cvs.zope.org:/tmp/cvs-serv3087/AccessControl
Modified Files:
Permissions.py
Log Message:
Merge from 2_6 branch.
Jamie Heilman discovered it was possible for anonymous users to add
ZClass permission objects. The newly created permission objects had
no real effect on security, but anonymous users should not be able to
do this anyway, so this patch fixes the bug.
The problem was that PermissionManager never got initiatized. While I
was here, I took the opportunity to initialize other classes as well,
update the security declaration style, and apply the 'Define
permissions' permission.
=== Zope/lib/python/AccessControl/Permissions.py 1.5 => 1.6 ===
--- Zope/lib/python/AccessControl/Permissions.py:1.5 Wed Aug 14 17:29:07 2002
+++ Zope/lib/python/AccessControl/Permissions.py Wed May 28 10:51:13 2003
@@ -40,6 +40,7 @@
change_permissions='Change permissions'
change_proxy_roles='Change proxy roles'
create_class_instances='Create class instances'
+define_permissions='Define permissions'
delete_objects='Delete objects'
edit_factories='Edit Factories'
ftp_access='FTP access'