[Zope-dev] Five's implementation of Zope 3 security
Martin Aspeli
optilude at gmx.net
Tue Dec 9 08:41:05 EST 2008
All,
Yuppie asked a good question on zope-cmf today: Why doesn't Five support
the <adapter /> directive's 'permission' attribute? Or does it?
The underlying discussion is that CMF trunk has a traversal namespace
adapter for add forms, that looks up the actual view to render as a
named adapter on (context, request, fti), because the add view needs to
know the FTI to construct the object. This means that we can't use
<browser:page />, which means that security has to be applied manually
with a ClassSecurityInfo/InitializeClass or (I presume) with a separate
<class> <require /> </class> block.
Is there a point in supporting the 'permission' (and, presumably,
'trusted') attributes of the <adapter /> directive in Zope 2?
Martin
--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
More information about the Zope-Dev
mailing list