[Zope] Re: Zope Digest, Vol 21, Issue 24
shulman at mathcamp.org
Thu Feb 16 12:43:29 EST 2006
On 2/16/06, zope-request at zope.org <zope-request at zope.org> wrote:
> The only change I recall to how proxy roles work is that proxy roles
> used to *augment* a users' roles; now they *replace* them.
> I don't know that the case you are talking about (S1 has proxy roles,
> calls protected S2 fine, but fails when calling PR-less S3 which calls
> S2) ever worked under either scenario. Proxy roles have always only
> been checked for the "topmost" object on the executable stack (S1 in the
> first example, S2 in the second).
Regardless of whether it used to work, I think it would be nice if it
did. Is there a reason for it not to be made to work? E.g. do
something like walk backwards through the call stack and as soon as
you find something that has proxy roles, use those, while if you don't
find any, use the user's roles.
More information about the Zope