> 1. manage_workspace is only protected by the Authenticated role, and that
> is done directly, not even through a permission.
WONTFIX, this is *by design*.
> 2. self.filtered_manage_roles then limits the options of what can be
> shown, which might end up being nothing. But, because the method is only
> protected by 'Authenticated', no chance is given to specify other user
> credentials (say, from a user folder higher up in the tree) which might
> be able to see something.
NOTABUG. *Nothing* in Zope behaves as you describe. Once you are authenticated, your identity is fixed for the duration of the request.
> 3. There's a bare try/except which masks errors. From what I can see, it
> should ONLY catch IndexError's.
SHOULDFIX. This part should be fixed by removing the 'try:...except:' altogether. If the list returned by 'filtered_manage_options' is empty, then raise Unauthorized.
> 4. The "raise TypeError" could do with some explanation.
NOTABUG. That check avoids a potential recursion loop.
> 5. The Unauthorized could raise a more helpful message "You are not
> authorized to view an of this object's management itnerface"
Why expose more information? Unauthorized says, "You tried to do something you aren't allowed; please authenticate as someone else", which is all we want.
> 1. manage_workspace is only protected by the Authenticated role, and that
> is done directly, not even through a permission.
WONTFIX, this is *by design*.
> 2. self.filtered_ manage_ roles then limits the options of what can be
> shown, which might end up being nothing. But, because the method is only
> protected by 'Authenticated', no chance is given to specify other user
> credentials (say, from a user folder higher up in the tree) which might
> be able to see something.
NOTABUG. *Nothing* in Zope behaves as you describe. Once you are authenticated, your identity is fixed for the duration of the request.
> 3. There's a bare try/except which masks errors. From what I can see, it
> should ONLY catch IndexError's.
SHOULDFIX. This part should be fixed by removing the 'try:...except:' altogether. If the list returned by 'filtered_ manage_ options' is empty, then raise Unauthorized.
> 4. The "raise TypeError" could do with some explanation.
NOTABUG. That check avoids a potential recursion loop.
> 5. The Unauthorized could raise a more helpful message "You are not
> authorized to view an of this object's management itnerface"
Why expose more information? Unauthorized says, "You tried to do something you aren't allowed; please authenticate as someone else", which is all we want.