[Zope-dev] Re: Problems with Transparent Folder and Zope 2.3.3
Shane Hathaway
shane@digicool.com
Mon, 25 Jun 2001 10:15:52 -0400
On Monday 25 June 2001 04:47, Chris Withers wrote:
> Shane Hathaway wrote:
> > Again, it doesn't allow layers from outside the portal_skins tool
> > because of security considerations, not performance considerations.
>
> Erm... I know I'm being dense, but coudl you explain these again?
That's alright. Skins are chosen before authentication. If we allowed
skins outside the skins tool, people would expect security to apply (so
that, for example, only certain users get to use certain skins). But
since skins are chosen before authentication, you can either ignore
security or only allow anonymously accessible folders.
We chose to avoid the need for security checks in skin paths, since the
other route would have yielded unexpected behavior (only anonymously
accessible folders) and would have been slower.
BTW skins can't be chosen after authentication in the general sense so
don't ask. :-) You could make your own skins tool that chooses the path
after auth, but either ZPublisher or your user folder would have to be
patched to make it happen, but that's not an option for a release version
of CMF.
All of this may change in future versions.
Shane