[Zope] Reprise -- Manager Proxy Role ineffective for deleting/moving objects

George Lee georgeleejr at gmail.com
Fri Nov 18 23:24:05 EST 2005


I forget if I submitted a collector issue about this before, but I
didn't see it. I just posted one at
<http://www.zope.org/Collectors/CMF/396>:

Title: PortalFolder.py _verifyObjectPaste ignores executable security

Version info: CMF 1.5.4 but also in trunk

_verifyObjectPaste calls "sm.checkPermission(permission_name,self)"
rather than "_checkPermission(permission_name,self)"

This makes it ignore executable security. So, if _verifyObjectPaste is
in an external method or in a script with sufficient proxy roles, it
raises an Unauthorized error for users when the external method /
proxy role security should suffice.



On 9/9/05, Dieter Maurer <dieter at handshake.de> wrote:
> George Lee wrote at 2005-9-8 23:57 -0400:
> > ...
> >Is it okay to just replace sm.checkPermission with _checkPermission
> >from CMFCore.utils or is that not okay?
>
> Yes. But, please file a bug report as well.
>
> >Also Dieter I noticed that Alan Runyan and you briefly discussed this
> >issue back in 2002:
> >http://mail.zope.org/pipermail/zope-cmf/2002-September/015350.html
>
> Any internal use should always take executable security (i.e.
> executable ownership and proxy roles) into account.
> Not doing so is a but, as things expected to be possible are not
> and (maybe even worse) things expected to be impossible may
> be possible.
>
> There may be a need for application code to check the permissions
> of the user with proxy roles not taken into account.
>
>   E.g. a script that must use a "Manager" roles to do one
>   thing but does not want to do another unless the current
>   user has specific permissions.
>
> For this case, there also should be a method checking
> permissions with proxy roles not taken into account.
>
> --
> Dieter
>


More information about the Zope mailing list