5 Feb
2002
5 Feb
'02
6:05 p.m.
Hi! I remember that someone posted that question before, but I didn't find it. So here it is again: In the latest Zope versions, if a user has no rights to see a certain management tab in the ZMI, it is shown anyway. If he clicks on it, he'll get an authentication request, so the method behind the tab IS secured. Is that a new feature or a bug? I know that I can use filters to control which tabs are shown, but that one is a bit painful compared with the old approach. E.g., instead of being able to include all tabs from ObjectManager by adding ObjectManager.manage_options to the manage_options, I'd have to add them one by one and put filters in place for each tab. Joachim