Please keep the mailing list in the loop, others may have insights too.

On 23. mar. 2007, at 15.37, Garito wrote:
> If you read the link I put, you could read I can create (with
> CrearFuncionalidad) but not delete it (with BorrarFuncionalidad) that seems
> to have the same security necessities

Return a callable from your traverser (so return the __call__, don't
call it yourself). The publisher will call it for you after the user
has been authenticated.

As Dieter said __bobo_traverse__ can't return strings or ints for that I create (as he tall me, thanks again) a wrapper that returns the rendered code

Fine, that's what I ment. But your wrapper should implement a __call__ method. The publisher will call that method at a time where security *has* been set up.

Do make sure that you wrap your wrapper in the correct security context though:

class Wrapper(Acquisition.Implicit):
    def __call__(self):
        # Things that need a security context need to be done here.
        return getSecurityManager().getAuthenticatedUser().getId()

class SomeItem(SimpleItem):
    def __bobo_traverse__(self, REQUEST, name):
        if name == 'Wrapper':
            return Wrapper().__of__(self)
            return getattr(self, name)

This way the security policies can still look up the security context.

Martijn Pieters
Zope maillist  -
**   No cross posts or HTML encoding!  **
(Related lists - )

Reply via email to