[Zope-CMF] CMF 1.4 release blockers (was: Re: [dev] some CMF 1.4beta1 issues)

Tres Seaver tseaver@zope.com
12 May 2003 14:03:08 -0400

On Mon, 2003-05-12 at 13:48, sean.upton@uniontrib.com wrote:

> IIRC, at the moment, it is impossible to do this in an access rule, given
> its pre-traversal nature?  Is this correct?

Yes;  access rules can't use "authenticated user" semantics, because
Zope2 defers actually authenticating the user until they try to access
an object which is protected.  For the general case, traversal won't
have triggered authentication yet.

> http://mail.zope.org/pipermail/zope-cmf/2002-September/015578.html

Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com