All, Yuppie asked a good question on zope-cmf today: Why doesn't Five support the <adapter /> directive's 'permission' attribute? Or does it? The underlying discussion is that CMF trunk has a traversal namespace adapter for add forms, that looks up the actual view to render as a named adapter on (context, request, fti), because the add view needs to know the FTI to construct the object. This means that we can't use <browser:page />, which means that security has to be applied manually with a ClassSecurityInfo/InitializeClass or (I presume) with a separate <class> <require /> </class> block. Is there a point in supporting the 'permission' (and, presumably, 'trusted') attributes of the <adapter /> directive in Zope 2? Martin -- Author of `Professional Plone Development`, a book for developers who want to work with Plone. See http://martinaspeli.net/plone-book