On Thu, 12 Apr 2001, Tim McLaughlin wrote:
> Ok, so imagine a DTML method has an owner, and as the docs say the method
> can do no more than the authenticated user and the owner's permissions
> combined. So, now delete the owner.
No, it is the *intersection* of the two ownership sets, not the union
("combined").
> The DTML method will no longer be functional, since the owner does not
> exist, and has no permissions. I found this to be true with ZClass
Not quite. It will execute as if it were owned by nobody (the anonymous
user). So it has very minimal privileges.
> constructors at least. I believe that the method should take the
> permissions of the authenticated_user only in this scenario, but it does
> not.
Like I said (and the docs say), it is the interesection of the two
sets of privileges, so it is effectively just the permissions of
user nobody.
--RDM
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
