Re: [Zope-dev] Security-Bug

2002-05-12 Thread Andre Schubert

On Wed, 8 May 2002 23:04:08 +0200
"Dieter Maurer" <[EMAIL PROTECTED]> wrote:

> Andre Schubert writes:
>  > could this be a bug in the security-machinery?
>  > 
>  > Let's say we have a role foo; this role has the permission to view the management screens.
>  > Let's say we have a user bar which has the role foo.
>  > 
>  > If I log in to the ZMI, I am able to go to
>  > Control_Panel/Products.
>  > And now, if I want, I am able to add a Zope Permission in every Product-Folder I found.
>  > 
>  > Tested with Zope 2.4.3
>  > 
>  > Have I mis-set any security-permissions or is this really a bug?
> I do not understand what your problem is...
> 
>   What does not work?
>   
> 
> Dieter
> 
If I have the permission to view the management screens, I am able to add Zope
Permissions... Is this a security bug or not?


___
Zope-Dev maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope )



Re: [Zope-dev] Permissions

2002-05-12 Thread Dieter Maurer

brian.r.brinegar.1 writes:
 > I would like to set up the security on a Zope server such that a user can
 > edit permissions on something they own, but not grant more permissions
 > than what they have acquired from the parent.
This is not covered by the current security framework.

But, surely, you can implement it if you are ready to
make some compromises.

  E.g. it will be somewhat difficult to automatically revoke
  permissions granted by a user when his own permissions
  are later restricted.

Your task is non-trivial...


Dieter
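
An added illustration of the trade-off described in the reply above, not code from the thread or from Zope: a toy model in which a user may delegate only permissions they currently hold, and effective permissions are recomputed from the grant records so that restricting the granter also drops everything derived from them. The class, its methods and the sample users are hypothetical, and the model assumes the granter already owns the object.

```python
from collections import defaultdict


class DelegationModel:
    """Toy model (assumption): permissions acquired from the parent plus user-made grants."""

    def __init__(self):
        self.acquired = defaultdict(set)   # user -> permissions acquired from the parent
        self.grants = set()                # (granter, grantee, permission) records

    def effective(self):
        """Recompute who holds what, starting only from acquired permissions."""
        held = {user: set(perms) for user, perms in self.acquired.items()}
        changed = True
        while changed:                     # fixpoint: a grant counts only if its granter holds it
            changed = False
            for granter, grantee, perm in self.grants:
                if perm in held.get(granter, ()) and perm not in held.setdefault(grantee, set()):
                    held[grantee].add(perm)
                    changed = True
        return held

    def grant(self, granter, grantee, perm):
        """Refuse any grant of a permission the granter does not hold right now."""
        if perm not in self.effective().get(granter, ()):
            raise PermissionError(f"{granter} does not hold {perm!r}")
        self.grants.add((granter, grantee, perm))

    def restrict(self, user, perm):
        """The parent removes an acquired permission; derived grants stop counting."""
        self.acquired[user].discard(perm)


def demo():
    m = DelegationModel()
    m.acquired["alice"] |= {"View", "Change permissions"}   # constructed sample data
    m.grant("alice", "bob", "View")
    m.grant("bob", "carol", "View")
    m.grant("carol", "alice", "View")          # cycle back to the original granter
    try:
        m.grant("alice", "bob", "Manage users")  # alice never acquired this
        escalated = True
    except PermissionError:
        escalated = False
    before = m.effective()
    m.restrict("alice", "View")                # parent later restricts alice
    after = m.effective()
    return escalated, before, after
```

The compromise shows up in what is stored: the grant records stay in place after `restrict`, so the delegated permissions come back if the granter later regains the permission, and every access decision pays for the recomputation.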

