[Zope-CMF] Re: More skins (was Re: [Zope-dev] Re: Problems with Transparent Folder and Zope 2.3.3)

Shane Hathaway shane@digicool.com
Mon, 25 Jun 2001 10:37:47 -0400


On Monday 25 June 2001 10:31, Chris Withers wrote:
> Shane Hathaway wrote:
> > On Monday 25 June 2001 04:47, Chris Withers wrote:
> > > Shane Hathaway wrote:
> > > > Again, it doesn't allow layers from outside the portal_skins tool
> > > > because of security considerations, not performance
> > > > considerations.
> > >
> > > Erm... I know I'm being dense, but coudl you explain these again?
> >
> > That's alright.
>
> Hehe... you must be getting used to it by now ;-)
>
> > BTW skins can't be chosen after authentication in the general sense
> > so don't ask. :-)
>
> Ah, that's what I was after ;-) OK, because I can't ask whether skins
> could be chosen after authentication, can I instead ask why they can't?
> Only asking 'cos I'm interested and it feels like a good way to improve
> my Zope knowledge...

Okay.  The problem is that there are so few things we can hook.  There's 
__of__, which we hook now.  There are also BeforeTraverse hooks.  There's 
__getattr__, but that gets invoked without an acquisition wrapper.  I 
suppose __getattr__ could actually grab the security context and sneakily 
find the REQUEST that way... then it could be cookieless too.  I hadn't 
thought of that before.  I suppose one could create an alternate skins 
tool based on that.  Nobody's done that before, though.

Shane