It would be good to see this in the core :-) Are you looking to do that at any stage? Chris Dieter Maurer wrote:
In some case, you want to take special actions once the user has been determined at the end of traversal. You may, e.g., want to deny Manager role to any non HTTPS request.
This patch adds support for a *post authentication hook*. It adds code to the 'validated_hook', called when the user is successfully authenticated. The code tries to acquire an object 'post_authentication_hook' from 'request.PARENTS[0]'. If this is successful, it calls this object with the arguments 'request' and 'user'. Usually, this call will raise Unauthorized when it has objections against the request.
Download: <http://www.dieter.handshake.de/pyprojects/zope/postauth.pat>
Dieter
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )