18 Feb 2005, 11:49 a.m.
Dieter Maurer wrote:
I already answered this question (implicitly) in an earlier message:
ZPublisher cannot use "restrictedTraverse" because authentication happens only at the end of traversal.
Up to this point, there is no user and "restrictedTraverse" is likely to fail.

Okay, but maybe this should change? I know it's caused you problems in the past and resulted in having to implement a post-traversal hook/hack...

There's still one remaining question: What role-to-permissions mappings do you set so that no-one can access a particular object's contents, once they know its id? (ie: o-x)

cheers,

Chris

--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk