[Zope3-dev] Zope Policy x Grants
Sidnei da Silva
sidnei at plone.org
Thu Oct 30 14:42:33 EST 2003
Howdy,
I identified the following issue today:
If you grant a local role to a user, where this role has a given
permission, and a vocabulary, for example, or something
like that is protected by that permission, the user which was granted
a local role will not be able to get to it. Why? Because in
zope/app/security/zopepolicy.py, around line 153, we try to get the
context roles using a LocationIterator, but is possible that some
objects doesn't implement ILocation, like in this case
SimpleVocabulary.
I suggest making another version of SimpleVocabulary, which implements
ILocation and put it in zope.app.schema.vocabulary, much like
zope.publisher.browser.BrowserView x
zope.app.publisher.browser.BrowserView.
Anyone disagrees?
--
Sidnei da Silva <sidnei at awkly.org>
dreamcatching :: making your dreams come true
http://awkly.org
You are in the hall of the mountain king.
More information about the Zope3-dev
mailing list