Andreas Jung wrote:
Suresh V. wrote:
Possible bug in Plone 3.3.4:

If you had a folderish object in private state which had an 'acl_users'
inside it and an anonymous user attempts to browse to the object you end
up with "BadRequest" instead of "Unauthorized" from globalize() in
ploneview.py which bubbles up from getToolByName() in
CMFCore/PortalFolder.py.


Why should a folderish object contain its own acl_users folder beside
the one of Plone? This is bad practice.

You sure about that? I used to think that one of the wonderful things about Zope and Acquisition and fine grained security and all that was to be able to have an acl_users anywhere in the hierarchy - Is that not true any more????



_______________________________________________
Product-Developers mailing list
http://lists.plone.org/mailman/listinfo/product-developers