Martijn Faassen wrote:
b) prevent someone from viewing something with a public view because they don't have access to content-level methods and attributes. (which I take is your "HTTP request as untrusted code" scenario). (alternate strategies are Grok's, which has view-level security but allows content-level declarations about what's accessible or not. But prominent Grok users are clamoring for something closer to the traditional approach with real content level protections)
Well, I like the idea of always having a back-stop on an object that says "I won't allow you to access bits of the current object that the user I currently think you're representing isn't allowed to access". Stopping caring about rocks so much makes that no longer the case.

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk