[Zope] SiteAccess doesnt have security :was [SiteAccess/TinyTablePlus perplexed]
Paul Zwarts
paz@oratrix.com
Fri, 23 Nov 2001 11:45:39 +0100
Trevor,
I'm pretty sure Dieter means replace the accessRule with an external
method. Reason being is because accessRules are almost like a
pre-request trigger. REQUEST seems to not have been asserted yet when
its run. Therefore there is no user yet as he said. In other words, even
anonymous user has not yet been assigned because the access rule is run
prior to everything else about rendering a page back in response. I've
tried to use accessrules to do work on session/user management but ran
into the same wall.
Paul Zwarts
-----Original Message-----
From: zope-admin@zope.org [mailto:zope-admin@zope.org] On Behalf Of
Trevor Toenjes
Sent: Thursday, November 22, 2001 8:21 PM
To: Dieter Maurer; Trevor Toenjes
Cc: zope@zope.org
Subject: [Zope] SiteAccess doesnt have security :was
[SiteAccess/TinyTablePlus perplexed]
> In the AccessRule there is not yet a security context
> (authenticated user).
> You can only access public objects. Maybe, an External Method
> is your best choice.
Is there a way to set a security context? I think I am missing the
point.
To clarify...Your suggestion implies that calling an external method
from
the AccessRule could work, or did you imply to replace the whole
AccessRule?
Thanks,
Trevor
_______________________________________________
Zope maillist - Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )