Details
-
Task
-
Status: Patch Available
-
Minor
-
Resolution: Unresolved
-
3.4.6, 3.5.0
-
None
-
None
-
None
Description
According to the Programmer's Guide:
Everyone implicitly has LOOKUP permission. This allows you to stat a node, but nothing more. (The problem is, if you want to call zoo_exists() on a node that doesn't exist, there is no permission to check.)
This implies that Exists has no security requirement, so the existing comment in FinalRequestProcessor
// TODO we need to figure out the security requirement for this!
can be removed.