[Zope-dev] Methods with no __roles__ defined no always protected?

[Chris Withers]

Hi,

Just doing Squishdot for 2.2 when I noticed the following:

The SquishSite class has a method called item_count() which is used on
one of the management pages. It currently isn't protected by any
permissions or __roles__ and yet it still works fine on the management
screen concerned.

I thought this sort of thing was supposed to throw up an unauthorized
error in 2.2?

cheers,

Chris

PS: It is now protected by a permission, but I can send anyone who cares
a version which isn't...