[Zope] has_permission for arbitrary user

Dieter Maurer dieter@handshake.de
Sat, 8 Sep 2001 19:35:12 +0200 (CEST)


Mark N. Gibson writes:
 > DM: ... I doubt that "User.has_permission" uses the authenticated
 >     user and not its "*self" ....
 > Here's the code for has_permission from the BasicUser Class
 > 
 >     def has_permission(self, permission, object):
 >         """Check to see if a user has a given permission on an object."""
 >         return getSecurityManager().checkPermission(permission, object)
 > 
 > Draw your own conclusions.
You convinced me.

A severe bug in my view -- very unintuitive, probably not documented...
Something for the collector...


Dieter