Martijn Faassen wrote:
> b) prevent someone from viewing something with a public view because
> they don't have access to content-level methods and attributes. (which I
> take is your "HTTP request as untrusted code" scenario). (alternate
> strategies are Grok's, which has view-level security but allows
> content-level declarations about what's accessible or not. But prominent
> Grok users are clamoring for something closer to the traditional
> approach with real content level protections)
Well, I like the idea of always having a back-stop on an object that
says "I won't allow you to access bits of the current object that the
user I currently think you're representing isn't allowed to access".
Stopping caring about rocks so much makes that no longer the case.
Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist - Zope-Dev@zope.org
** No cross posts or HTML encoding! **
(Related lists -