Please keep the mailing list in the loop, others may have insights too. On 23. mar. 2007, at 15.37, Garito wrote:
If you read the link I put, you could read I can create (with CrearFuncionalidad) but not delete it (with BorrarFuncionalidad) that seems to have the same security necessities
Return a callable from your traverser (so return the __call__, don't call it yourself). The publisher will call it for you after the user has been authenticated.
As Dieter said __bobo_traverse__ can't return strings or ints for that I create (as he tall me, thanks again) a wrapper that returns the rendered code
Fine, that's what I ment. But your wrapper should implement a __call__ method. The publisher will call that method at a time where security *has* been set up. Do make sure that you wrap your wrapper in the correct security context though: class Wrapper(Acquisition.Implicit): def __call__(self): # Things that need a security context need to be done here. return getSecurityManager().getAuthenticatedUser().getId() class SomeItem(SimpleItem): def __bobo_traverse__(self, REQUEST, name): if name == 'Wrapper': return Wrapper().__of__(self) else: return getattr(self, name) This way the security policies can still look up the security context. -- Martijn Pieters