Dominik Huber wrote:

> I prefer the trusted adapter because they encapslulate the adapter
> inside a security proxy. Then the trusted
> adapter has full access to the underlying object. That simplifies the
> security story very much because you handle it on the adation level. If
> you use locatable and trusted adapters everything works like you would
> access a regular content object.

That makes sense - though I'm not clear about how to make an adapter
"locatable" - which I think is the root cause of my next problem :(

When I apply the techniques which worked (with your help) in my
adaptertest case to the marginally more complex case I'm working on I'm
denied access to the editForm - the error page which appears when I
decline to authenticate contains nothing but "You're not allowed in
here" and the name of the first schema field specified in my

I made an attempt to remedy this by having my adapter implement
ILocation - but all that gains me is a failure to find __parent__  -
which is fair enough - since I can't see where I'd have got one from...

I'm at a loss to know why one example works and the other doesn't.

> Regular adapters do not provide an own security proxy but do wrap an
> security proxied
> content object. Everything coming from this security-proxied content
> object will get wrapped into a security-proxy too.
> Therefore your annotated object will be security-proxied. IMO it not
> possible to set permissions granularly to implementations on annotations
> level, because different application provide different permission
> declarations.

I see - there doesn't seem much application for regular adapters in the
sort of thing I'm trying to do at the moment.

Thanks once again.

Zope3-users mailing list

Reply via email to