Hi there,
In working with Zope 3 to build an application, I repeatedly run into
the following situation:
* user gets a local role on a container
* object is created
* after object creation but before the object is added,
various things are done to the object.
* authorization error: user c
Martijn Faassen wrote:
* after object creation but before the object is added,
various things are done to the object.
> * authorization error: user cannot access various attributes.
If these things are done by subscribers, would using trusted subscribers
help?
--
Benji York
Senior Software
Hi Martijn and Benji
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On
> Behalf Of Benji York
> Sent: Tuesday, August 09, 2005 4:13 PM
> To: zope3-dev (E-mail)
> Subject: Re: [Zope3-dev] security frustrations
>
> Martijn Faassen wrote:
> > * after object cr
Benji York wrote:
Martijn Faassen wrote:
* after object creation but before the object is added,
various things are done to the object.
> * authorization error: user cannot access various attributes.
If these things are done by subscribers, would using trusted subscribers
help?
I guess
Roger Ineichen wrote:
Remember that you don't have a location and check security
isn't possible if you use subscribers in this state and if
you use it together with a local PAU.
Roger, I'm afraid I don't fully understand your response, but perhaps it
will clarify things if I say that I intend
Does it work to just set __parent__ to the container? Or does the
zopesecuritypolicy require more accurate context?
Florent
Martijn Faassen wrote:
Hi there,
In working with Zope 3 to build an application, I repeatedly run into
the following situation:
* user gets a local role on a contain
Florent Guillaume wrote:
Does it work to just set __parent__ to the container? Or does the
zopesecuritypolicy require more accurate context?
I think that might work, though I've had previous problems with actually
being allowed to *set* the __parent__ to the container. :)
I would also be wor
