Dominik Huber wrote: > I prefer the trusted adapter because they encapslulate the adapter > inside a security proxy. Then the trusted > adapter has full access to the underlying object. That simplifies the > security story very much because you handle it on the adation level. If > you use locatable and trusted adapters everything works like you would > access a regular content object.
That makes sense - though I'm not clear about how to make an adapter "locatable" - which I think is the root cause of my next problem :( When I apply the techniques which worked (with your help) in my adaptertest case to the marginally more complex case I'm working on I'm denied access to the editForm - the error page which appears when I decline to authenticate contains nothing but "You're not allowed in here" and the name of the first schema field specified in my browser:editForm... I made an attempt to remedy this by having my adapter implement ILocation - but all that gains me is a failure to find __parent__ - which is fair enough - since I can't see where I'd have got one from... I'm at a loss to know why one example works and the other doesn't. > > Regular adapters do not provide an own security proxy but do wrap an > security proxied > content object. Everything coming from this security-proxied content > object will get wrapped into a security-proxy too. > Therefore your annotated object will be security-proxied. IMO it not > possible to set permissions granularly to implementations on annotations > level, because different application provide different permission > declarations. > I see - there doesn't seem much application for regular adapters in the sort of thing I'm trying to do at the moment. Thanks once again. Rupert _______________________________________________ Zope3-users mailing list Zope3firstname.lastname@example.org http://mail.zope.org/mailman/listinfo/zope3-users