Martijn Faassen wrote:
> b) prevent someone from viewing something with a public view because 
> they don't have access to content-level methods and attributes. (which I 
> take is your "HTTP request as untrusted code" scenario). (alternate 
> strategies are Grok's, which has view-level security but allows 
> content-level declarations about what's accessible or not. But prominent 
> Grok users are clamoring for something closer to the traditional 
> approach with real content level protections)

Well, I like the idea of always having a back-stop on an object that 
says "I won't allow you to access bits of the current object that the 
user I currently think you're representing isn't allowed to access".

Stopping caring about rocks so much makes that no longer the case.


Simplistix - Content Management, Zope & Python Consulting
Zope-Dev maillist  -
**  No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to