[BUG] "AccessControl.User.BasicUser.has_permission" is broken (was: Re: [Zope] how can I enforce my own Delete permission)

Dieter Maurer dieter@handshake.de
Sun, 29 Jun 2003 20:22:47 +0200


robert wrote at 2003-6-29 08:53 +0200:
 > ...
 > changing to tuples did not help.
 > In fact whatever I do, setting permissions or not,  any user (with no role at 
 > all) does have the permission set.
 > the script:
 > u = context.acl_users.getUserById('ldf01')
 > return u.has_permission('Delete ZehnderRequests', 
 > context['Ticket.2003-06-28.2211'])
 > 
 > always returns 1
 > 
 > any more hints ?

"AccessControl.User.BasicUser.has_permission" is broken.

  It uses the currently authenticated user and
  ignores its "self". Who did implement that :-((

Please file a bug report...


Use "has_role" instead:

    u.has_role('Delete ZehnderRequests',context['Ticket.2003-06-28.2211'])


 > robert
 > 
 > 


Dieter