Martijn Faassen wrote:
> 
> b) prevent someone from viewing something with a public view because 
> they don't have access to content-level methods and attributes. (which I 
> take is your "HTTP request as untrusted code" scenario). (alternate 
> strategies are Grok's, which has view-level security but allows 
> content-level declarations about what's accessible or not. But prominent 
> Grok users are clamoring for something closer to the traditional 
> approach with real content level protections)

Well, I like the idea of always having a back-stop on an object that 
says "I won't allow you to access bits of the current object that the 
user I currently think you're representing isn't allowed to access".

Stopping caring about rocks so much makes that no longer the case.

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to