I remember that someone posted that question before, but I didn't find it.
So here it is again:

In the latest Zope versions, if a user has no rights to see a certain
management tab in the ZMI, it is shown anyway. If he clicks on it, he'll get
an authentication request, so the method behind the tab IS secured.

Is that a new feature or a bug?

I know that I can use filters to control which tabs are shown, but that one
is a bit painful compared with the old approach. E.g., instead of being able
to include all tabs from ObjectManager by adding
ObjectManager.manage_options to the manage_options, I'd have to add them one
by one and put filters in place for each tab.


Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to