[Zope-CMF] CMF 1.4 release blockers (was: Re: [dev] some CMF
12 May 2003 14:03:08 -0400
On Mon, 2003-05-12 at 13:48, email@example.com wrote:
> IIRC, at the moment, it is impossible to do this in an access rule, given
> its pre-traversal nature? Is this correct?
Yes; access rules can't use "authenticated user" semantics, because
Zope2 defers actually authenticating the user until they try to access
an object which is protected. For the general case, traversal won't
have triggered authentication yet.
Tres Seaver firstname.lastname@example.org
Zope Corporation "Zope Dealers" http://www.zope.com