Peter Bengtsson  <[EMAIL PROTECTED]> wrote:
> Dieter Maurer <[EMAIL PROTECTED]> wrote:
> > Peter Bengtsson wrote at 2005-7-8 13:24 +0100:
> > >I've learnt that it's better to use getSecurityManager instead of
> > >because it's more secure. Other than that, what is the difference.
> > 
> > The security manager could be changed (e.g. with "newSecurityManager").
> > "getSecurityManager" would report the change but not "AUTHENTICATED_USER".
> > 
> "newSecurityManager" ??
> never heard of that. The __doc__ says
> """ Set up a new security context for a request for a user """
> What is this used for? I'm guessing it's something we use in unittests
> and stuff.

It's used whenever some code has to act "as if" it was another user.

The only use I find in core Zope code is when a temporary container for
session objects calls its notify method. It does so as an anonymous user
instead of the logged-in one.

But third-party code can use it too. CPS does, for instance.


Florent Guillaume, Nuxeo (Paris, France)   CTO, Director of R&D
+33 1 40 33 71 59   [EMAIL PROTECTED]
Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to