No permission to rename via FTP

Bug #143722 reported by panjunyong
Affects: Zope 2
Status: Fix Released
Importance: Medium
Assigned to: Unassigned
Milestone:

Bug Description

I log in with the Owner role via FTP, but I can't rename any files/folders.

I found no security declaration for ObjectManager.manage_hasId::

    __ac_permissions__=(
        ('View management screens', ('manage_main',)),
        ('Access contents information',
- ('objectIds', 'objectValues', 'objectItems',''),
+ ('objectIds', 'objectValues', 'objectItems','manage_hasId'),
         ('Anonymous', 'Manager'),
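Review bot: the `+` line replaces the empty string with `'manage_hasId'` instead of adding the method name beside it. In an `__ac_permissions__` tuple the `''` entry declares the object itself as protected (what `declareObjectProtected` spells out in newer Zope code, as noted later in this thread), so dropping it changes the object's own protection rather than only granting access to the method. Keep `''` and append the name: `('objectIds', 'objectValues', 'objectItems', '', 'manage_hasId'),`. The hunk also stops before the tuple closes, so please post the complete declaration so the closing parenthesis and any remaining entries can be checked.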

Revision history for this message
Andreas Jung (ajung) wrote :

Please provide a unittest for this patch.

Revision history for this message
Jens Vagelpohl (dataflake-deactivatedaccount-deactivatedaccount) wrote :

The patch the way it is might break some stuff. Notice how in the original code there's also an empty string in the tuple, which is no longer part of the patched code.

Revision history for this message
panjunyong (panjunyong) wrote :

I thought the empty string is useless. So I removed it.

What does it mean?

Revision history for this message
Jens Vagelpohl (dataflake-deactivatedaccount-deactivatedaccount) wrote :

Well, if there's something in the code that has been there for years it's probably not wise to just rip it out without asking...

I'm not entirely sure what it's for, I would assume it is used when the object is accessed/rendered without any method specified so that index_html/__call__ fire.

Revision history for this message
Florent Guillaume (efge) wrote :

'' is used to protect the object itself, as opposed to just a method.
Its modern spelling, which btw is used in Zope 2.10 now, is through declareObjectProtected.

If one doesn't know the precise semantics of __ac_permissions__, one shouldn't mess with it.
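To make the point about the `''` entry concrete, here is an added illustration (not code from Zope or from this bug report): a simplified model of how a class's `__ac_permissions__` tuple is expanded into per-attribute protection. It assumes that role grants are passed in explicitly instead of being acquired from the folder hierarchy, and that an attribute with no declaration at all is private (the symptom the reporter hit). The three tuples are constructed from the excerpt in the description: the original, the patch as posted, and a variant that keeps the object entry.

```python
# Added example, not code from the Zope project or from this bug report.
# A simplified model of how Zope 2 turns a class's ``__ac_permissions__``
# tuple into per-attribute protection, enough to show why dropping the
# '' entry matters and why an undeclared method is unreachable.
# Assumptions: role grants are passed in explicitly instead of being
# acquired from the folder hierarchy, and an undeclared attribute is
# treated as private (the symptom the bug report describes).

OBJECT_ITSELF = ""  # Zope's spelling for "the object, not one of its methods"


def expand_ac_permissions(ac_permissions):
    """Map each declared attribute name to the permission guarding it.

    Each entry is (permission, names[, default_roles]); the third element
    is ignored here because what matters at call time is which roles hold
    the permission in the current context, not the permission's defaults.
    """
    guarded = {}
    for entry in ac_permissions:
        permission, names = entry[0], entry[1]
        for name in names:
            guarded[name] = permission
    return guarded


def is_allowed(ac_permissions, name, user_roles, role_grants):
    """Return True if a user holding ``user_roles`` may access ``name``.

    ``role_grants`` maps a permission to the roles holding it in this
    context (a constructed stand-in for the acquired permission settings).
    An attribute with no declaration is private and is refused regardless
    of the caller's roles.
    """
    guarded = expand_ac_permissions(ac_permissions)
    if name not in guarded:
        return False
    allowed_roles = role_grants.get(guarded[name], ())
    return any(role in allowed_roles for role in user_roles)


# The tuple as it stood when the bug was reported (constructed excerpt).
ORIGINAL = (
    ("View management screens", ("manage_main",)),
    ("Access contents information",
     ("objectIds", "objectValues", "objectItems", OBJECT_ITSELF),
     ("Anonymous", "Manager")),
)

# The reporter's patch: '' replaced by 'manage_hasId'.
PATCH_AS_POSTED = (
    ("View management screens", ("manage_main",)),
    ("Access contents information",
     ("objectIds", "objectValues", "objectItems", "manage_hasId"),
     ("Anonymous", "Manager")),
)

# Keeping the object-level entry and adding the method beside it.
PATCH_KEEPING_OBJECT_ENTRY = (
    ("View management screens", ("manage_main",)),
    ("Access contents information",
     ("objectIds", "objectValues", "objectItems", OBJECT_ITSELF, "manage_hasId"),
     ("Anonymous", "Manager")),
)

# Constructed grants: in this folder the Owner role holds the contents permission.
GRANTS = {
    "Access contents information": ("Anonymous", "Manager", "Owner"),
    "View management screens": ("Manager",),
}
OWNER = ("Owner",)


def compare_variants():
    """Per variant: can an Owner reach manage_hasId, and the object itself?"""
    variants = {
        "original": ORIGINAL,
        "patch as posted": PATCH_AS_POSTED,
        "patch keeping ''": PATCH_KEEPING_OBJECT_ENTRY,
    }
    return {
        label: {
            "manage_hasId": is_allowed(decl, "manage_hasId", OWNER, GRANTS),
            "object itself": is_allowed(decl, OBJECT_ITSELF, OWNER, GRANTS),
        }
        for label, decl in variants.items()
    }


if __name__ == "__main__":
    for label, result in compare_variants().items():
        print(f"{label:18} -> {result}")
```

Running it shows the original tuple protecting the object but leaving `manage_hasId` unreachable (the FTP rename failure), the posted patch doing the reverse, and only the variant that keeps `''` giving both.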

Revision history for this message
Wichert Akkerman (wichert) wrote :

The patch for Zope 2.10 and trunk is even simpler (see below). I completely failed to get a unittest for the access permissions working though, so I'm not committing this.

Index: ObjectManager.py
===================================================================
--- ObjectManager.py (revision 68642)
+++ ObjectManager.py (working copy)
@@ -703,6 +703,7 @@
                 out=out+((k,stat),)
         return marshal.dumps(out)

+ security.declareProtected(access_contents_information, 'manage_hasId')
     def manage_hasId(self, REQUEST):
         """ check if the folder has an object with REQUEST['id'] """
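Review bot: the added `security.declareProtected(...)` line is shown at a shallower indent than the `def manage_hasId` it guards; it has to sit at the same class-body indentation as the `def`, otherwise Python raises an IndentationError. The context lines do not show where `security` or `access_contents_information` are bound, so confirm `ObjectManager.py` already has a `security = ClassSecurityInfo()` in this class and imports the permission constant from `AccessControl.Permissions` before committing. The hunk header announces six old and seven new lines but only five context lines plus the addition appear, so a trailing context line seems to have been lost in pasting; regenerate the diff with `svn diff` rather than committing this copy. Given that the method is only called from the FTP code path, a permission scoped to that path (the thread's later note uses `ftp_access`) exposes less than `access_contents_information`, and a unit test exercising the permission, as requested earlier, would keep the fix from regressing.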

Revision history for this message
Jens Vagelpohl (dataflake-deactivatedaccount-deactivatedaccount) wrote :

Adding a permission is harmless enough, this method is only used in one single place for FTP interaction, anyway. Since it is only used for FTP I gave it the permission "ftp_access" instead.

Zope 2.12 branch: http://svn.zope.org/?rev=114738&view=rev

Zope trunk: http://svn.zope.org/?rev=114739&view=rev

Changed in zope2:
assignee: nobody → Jens Vagelpohl (dataflake)
Changed in zope2:
milestone: none → 2.12.10
status: New → Fix Committed
Changed in zope2:
status: Fix Committed → Fix Released