rossp@ppc.ucsc.edu wrote at 2003-6-20 17:01 -0700:

I have a bunch of classes and objects that have a boolean 'active' attribute that gets set on and off variously throughout my code. I also have a 'View Inactive' permission that I use in some of my own object listing methods.

But what I really want is to be able to control the AccessControl validation. I would like to be able to say that if an object is active (its 'active' attribute is on) that someone who has the 'View' permission can visit it. If the object is inactive, however, I would like to be able to say that someone who doesn't have the 'View Inactive' permission can't visit it.

It would seem that this could be fairly easily accomplished with something like manage_beforeDelete, manage_beforeValidate for example, where I can reject the validation before the rest of the checks are made. Niether the docs, nor googling, nor reading the source, nor pestering #zope has yielded anything so far so here I am pestering the list.

Any ideas? Thanks.

The architecture provides a hook for this. Zope fill the hook with "ZopeSecurityPolicy". Look at the source to determine how you can provide your own hook. Dieter