[Zope-CMF] CMF 1.4 release blockers (was: Re: [dev] some CMF
Mon, 12 May 2003 11:34:14 -0700

Question about a workaround: In a custom user folder subclass of
BasicUserFolder (i.e. SimpleUserFolder or similar), couldn't one override
authorize() to call a TTW Python script right after calling validate()?
Would calling changeSkin() from such a script at this point in the process
still work? Perhaps in future versions of Zope, it would be nice if there
could be some post-traversal equivalent to an access rule (or if an access
rule could have a pre-authorization and a post-authorization script if the
user-folder supported it)...

From: Tres Seaver [mailto:firstname.lastname@example.org]
Sent: Monday, May 12, 2003 11:03 AM
Subject: RE: [Zope-CMF] CMF 1.4 release blockers (was: Re: [dev] some
CMF 1.4beta1 issues)

On Mon, 2003-05-12 at 13:48, firstname.lastname@example.org wrote:
> IIRC, at the moment, it is impossible to do this in an access rule, given
> its pre-traversal nature? Is this correct?
Yes; access rules can't use "authenticated user" semantics, because
Zope2 defers actually authenticating the user until they try to access
an object which is protected. For the general case, traversal won't
have triggered authentication yet.

Tres Seaver email@example.com
Zope Corporation "Zope Dealers" http://www.zope.com