Hi Martijn and Benji > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Benji York > Sent: Tuesday, August 09, 2005 4:13 PM > To: zope3-dev (E-mail) > Subject: Re: [Zope3-dev] security frustrations > > Martijn Faassen wrote: > > * after object creation but before the object is added, > > various things are done to the object. > > > > * authorization error: user cannot access various attributes. > > If these things are done by subscribers, would using trusted > subscribers > help? > -- > Benji York > Senior Software Engineer > Zope Corporation
Remember that you don't have a location and check security isn't possible if you use subscribers in this state and if you use it together with a local PAU. A created object before added to a container doesn't provide the parent attribute which is requiered for security checks correctly in local sites. Perhaps you can do this in the after add event from the container where you add the object. Regards Roger Ineichen Projekt01 GmbH www.projekt01.ch _____________________________ END OF MESSAGE _______________________________________________ Zope3-dev mailing list [email protected] Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com
