I remember that someone posted that question before, but I didn't find it.
So here it is again:
In the latest Zope versions, if a user has no rights to see a certain
management tab in the ZMI, it is shown anyway. If he clicks on it, he'll get
an authentication request, so the method behind the tab IS secured.
Is that a new feature or a bug?
I know that I can use filters to control which tabs are shown, but that one
is a bit painful compared with the old approach. E.g., instead of being able
to include all tabs from ObjectManager by adding
ObjectManager.manage_options to the manage_options, I'd have to add them one
by one and put filters in place for each tab.
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -