[Zope] Don't delete your users without care...
Florent Guillaume
fg@nuxeo.com
Thu, 31 Jan 2002 17:36:59 +0000 (UTC)
> > Something I'd like to figure out when I have time is, why does the
> > security machinery fail in such ways when the object is not owned by a
> > valid user ?
> The effective roles are the intersection of the current user's roles
> and the one of the executing object's owner.
> This is explained in the Zope Security documentation (--> zope.org).
Ah, ok, I found the reason. Here it is for others interested:
http://www.zope.org//Members/jim/ZopeSecurity/ServerSideTrojan
The notion of owner was introduced in Zope 2.2 just for this.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 10 http://nuxeo.com mailto:fg@nuxeo.com