[Zope] Re: Giving access to error_log.showEntry to non-Manager users

Tres Seaver tseaver at palladion.com
Tue Jan 16 14:21:34 EST 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dieter Maurer wrote:
> Andreas Jung wrote at 2007-1-15 11:35 +0100:
>>
>> --On 15. Januar 2007 11:26:27 +0100 martin.gfeller at comit.ch wrote:
>>> The actual access error is on 'manage_page_header' - I append the error
>>> traceback.
>>>
>> Stuff that starts with 'manage_' always requires the Manager role.
> 
> Where did you find this?
> 
>   In my view it is not and was never right...
>   There is not special protection for objects the name of which
>   starts with "manage_".
> 
>   A primary counter example are the hundreds of "constructors"
>   registered with "initializeClass" which traditionally are
>   named "manage_addXXXX[Form]" but are protected by "Add XXX permission"
>   which are often not restricted to "Manager" only.

App.class_init.default__class_init__ requires 'Manager' role for methods
whose name is 'manage' and those which start with 'manage_', but only if
they were otherwise unprotected.


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFrSW++gerLs4ltQ4RAk71AKCGs18XZK4pHTRhzWUw6Zbq+w1s/gCeJp8/
iK8wyPgpLfqcxwLyt+0Z/KU=
=WQqR
-----END PGP SIGNATURE-----



More information about the Zope mailing list