On Wed, 20 Jun 2001 00:27:29 -0700 (PDT), Dirksen <dirksen_lau@yahoo.com> wrote:
I'm developing a Zope product myContainer. It has a traverse hook like this: def __bobo_traverse__(self, REQUEST, name): return MyObj(name)
MyObj is a transient wrapper class, its properties are populated from a db. Say I've created an instance of the container in Zodb as myContainer, I can visit this url: http://localhost/myContainer/someObj/index_html
But when I visit this as the Manager: http://localhost/myContainer/someObj/manage_workspace
Zope throws out an authorization box. I have to log in as emergency super user to be able to visit any methods prefixed as 'manage_' under someObj.
Is there something missing in my hook?
If you want the transient object to participate in the security system, using the same security settings as the object that creates it ('someObj') then you need def __bobo_traverse__(self, REQUEST, name): return MyObj(name).__of__(self) and for MyObj to be derived from a Acquisition.Implicit (or equivalent) Toby Dickenson tdickenson@geminidataloggers.com