Hi! I remember that someone posted that question before, but I didn't find it. So here it is again:
In the latest Zope versions, if a user has no rights to see a certain management tab in the ZMI, it is shown anyway. If he clicks on it, he'll get an authentication request, so the method behind the tab IS secured. Is that a new feature or a bug? I know that I can use filters to control which tabs are shown, but that one is a bit painful compared with the old approach. E.g., instead of being able to include all tabs from ObjectManager by adding ObjectManager.manage_options to the manage_options, I'd have to add them one by one and put filters in place for each tab. Joachim _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )