[Zope] Stuck with newSecurityManager in an access rule

Dieter Maurer dieter at handshake.de
Fri Sep 5 22:04:11 EDT 2003


Gilles Lenfant wrote at 2003-9-4 17:03 +0200:
 > I successfully used newSecurityManager in a Product to dynamically change
 > the user during a transaction (running some methods as owner).
 > 
 > I tried to use this to dynamically change the user in a special folder
 > hierarchy based on a request parameter.
 > To do this in this folder, I made a standard user folder and a Python script
 > as access rule that calls an external method like this...
 > ....
 > The newSecurityManager is executed but seems to have no effect on the user
 > during the rest of the transaction:

Zope does almost no security checks during traversal
(exception: TTW code in AccessRules).

At the end of traversal, it performs an authentication.
This Zope code is quite old -- from a time when there were
no AccessRules and therefore no preset user.

Therefore, it does not expect that the user could already have been set
and overwrites whatever is there with the result of its
standard authentication.


Dieter


