Trevor, I'm pretty sure Dieter means replace the accessRule with an external method. Reason being is because accessRules are almost like a pre-request trigger. REQUEST seems to not have been asserted yet when its run. Therefore there is no user yet as he said. In other words, even anonymous user has not yet been assigned because the access rule is run prior to everything else about rendering a page back in response. I've tried to use accessrules to do work on session/user management but ran into the same wall. Paul Zwarts -----Original Message----- From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of Trevor Toenjes Sent: Thursday, November 22, 2001 8:21 PM To: Dieter Maurer; Trevor Toenjes Cc: zope@zope.org Subject: [Zope] SiteAccess doesnt have security :was [SiteAccess/TinyTablePlus perplexed]
In the AccessRule there is not yet a security context (authenticated user). You can only access public objects. Maybe, an External Method is your best choice.
Is there a way to set a security context? I think I am missing the point. To clarify...Your suggestion implies that calling an external method from the AccessRule could work, or did you imply to replace the whole AccessRule? Thanks, Trevor _______________________________________________ Zope maillist - Zope@zope.org http://lists.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope-dev )