Hi Martijn and Benji  

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On 
> Behalf Of Benji York
> Sent: Tuesday, August 09, 2005 4:13 PM
> To: zope3-dev (E-mail)
> Subject: Re: [Zope3-dev] security frustrations
> 
> Martijn Faassen wrote:
> > * after object creation but before the object is added,
> >   various things are done to the object.
> >
>  > * authorization error: user cannot access various attributes.
> 
> If these things are done by subscribers, would using trusted 
> subscribers 
> help?
> -- 
> Benji York
> Senior Software Engineer
> Zope Corporation

Remember that you don't have a location and check security
isn't possible if you use subscribers in this state and if 
you use it together with a local PAU.

A created object before added to a container doesn't provide
the parent attribute which is requiered for security checks
correctly in local sites. Perhaps you can do this in the after 
add event from the container where you add the object.

Regards
Roger Ineichen

Projekt01 GmbH
www.projekt01.ch
_____________________________
END OF MESSAGE

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com

Reply via email to