Adding objects requires permission zope.app.dublincore.change
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope 3 |
Fix Released
|
High
|
Unassigned |
Bug Description
Suppose we have a permission 'schoolbell.create' that lets users create objects.
If a user that has this permission try to add an object with an add form, he gets
an error:
[...]
File "Zope3/
return [subscription(
File "Zope3/
dc.modified = datetime.utcnow()
Unauthorized: (<zope.
Suggested solution: unwrap the dc adapter with removeSecurityProxy in the IObjectModified
I'll commit this solution in a few moments as it keeps my functional tests from passing. The solution will not have tests as the situation requires a lot of setup to reproduce.
Suggested fix committed in revision 29304.