Hi Martijn and Benji
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Benji York
> Sent: Tuesday, August 09, 2005 4:13 PM
> To: zope3-dev (E-mail)
> Subject: Re: [Zope3-dev] security frustrations
> Martijn Faassen wrote:
> > * after object creation but before the object is added,
> > various things are done to the object.
> > * authorization error: user cannot access various attributes.
> If these things are done by subscribers, would using trusted
> Benji York
> Senior Software Engineer
> Zope Corporation
Remember that you don't have a location and check security
isn't possible if you use subscribers in this state and if
you use it together with a local PAU.
A created object before added to a container doesn't provide
the parent attribute which is requiered for security checks
correctly in local sites. Perhaps you can do this in the after
add event from the container where you add the object.
END OF MESSAGE
Zope3-dev mailing list