[Zope-CMF] CMF 1.4 release blockers (was: Re: [dev] some CMF
1.4beta1 issues)
Tres Seaver
tseaver@zope.com
12 May 2003 14:03:08 -0400
On Mon, 2003-05-12 at 13:48, sean.upton@uniontrib.com wrote:
> IIRC, at the moment, it is impossible to do this in an access rule, given
> its pre-traversal nature? Is this correct?
Yes; access rules can't use "authenticated user" semantics, because
Zope2 defers actually authenticating the user until they try to access
an object which is protected. For the general case, traversal won't
have triggered authentication yet.
> http://mail.zope.org/pipermail/zope-cmf/2002-September/015578.html
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com