[Zope-dev] Bug in User.py

Fri, 14 Apr 2000 03:42:22 +1000

There's an insufficiently guarded operation in User.py

    def allowed(self, parent, roles=None):
           ...
                        # This is a method, grab it's self.
                        parent=parent.im_self
                    if hasattr(parent, 'aq_inContextOf') and not
parent.aq_inContextOf(self.aq_parent.aq_parent,1):
                        if 'Shared' in roles:
                            # Damn, old role setting. Waaa
            ...

I've added the hasattr(parent, 'aq_inContextOf') to make sure that the
second clause is reasonable.

I'm not sure of the process of submitting fixes, etc, hopefully this
will go to the right place.