On Friday 02 December 2005 18:03, Jeff Shell wrote: > Nobody knows? I'm bouncing this up to see if anyone has any input yet. > I had some other projects come up that put this on hold for a bit, but > just now looking at the code I realized I still need help. And before > I go through the joys of experimentation this weekend or early next > week with all of the combinations I ask here, I thought I'd float this > by again. The summary of what I say below is: I don't know how to > programatically deny zope.View to everybody. The implementation I > currently have challenges the visitor but then still allows access to > the object in question even if the HTTP auth challenge box is canceled > out of.
Oh yeah, and make sure that none of your other ZCML gives anonymous certain access. I think a Python session debugging the security check would be good as well. Maybe you should start writing a small doctest setting up the interaction and the views and the security and see what you get and get not working. It is much easier to reason about Python code. :-) Regards, Stephan -- Stephan Richter CBU Physics & Chemistry (B.S.) / Tufts Physics (Ph.D. student) Web2k - Web Software Design, Development and Training _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users