Peter Bengtsson <[EMAIL PROTECTED]> wrote:
> Dieter Maurer <[EMAIL PROTECTED]> wrote:
> > Peter Bengtsson wrote at 2005-7-8 13:24 +0100:
> > >I've learnt that it's better to use getSecurityManager instead of
> > >REQUEST.AUTHENTICATED_USER
> > >because it's more secure. Other than that, what is the difference.
> > The security manager could be changed (e.g. with "newSecurityManager").
> > "getSecurityManager" would report the change but not "AUTHENTICATED_USER".
> "newSecurityManager" ??
> never heard of that. The __doc__ says
> """ Set up a new security context for a request for a user """
> What is this used for? I'm guessing it's something we use in unittests
> and stuff.
It's used whenever some code has to act "as if" it was another user.
The only use I find in core Zope code is when a temporary container for
session objects calls its notify method. It does so as an anonymous user
instead of the logged-in one.
But third-party code can use it too. CPS does, for instance.
Florent Guillaume, Nuxeo (Paris, France) CTO, Director of R&D
+33 1 40 33 71 59 http://nuxeo.com [EMAIL PROTECTED]
Zope maillist - Zope@zope.org
** No cross posts or HTML encoding! **
(Related lists -