[BUG] "AccessControl.User.BasicUser.has_permission" is broken (was: Re: [Zope] how can I enforce my own Delete permission)
Sun, 29 Jun 2003 20:22:47 +0200
robert wrote at 2003-6-29 08:53 +0200:
> changing to tuples did not help.
> In fact whatever I do, setting permissions or not, any user (with no role at
> all) does have the permission set.
> the script:
> u = context.acl_users.getUserById('ldf01')
> return u.has_permission('Delete ZehnderRequests',
> always returns 1
> any more hints ?
"AccessControl.User.BasicUser.has_permission" is broken.
It uses the currently authenticated user and
ignores its "self". Who did implement that :-((
Please file a bug report...
Use "has_role" instead: