Hi, I ended up overriding the permission storage map. This might not be so conservative, but it seems to work. It kills any permission not in ALLOWED and stops propagation.
from zope.app.securitypolicy.principalpermission import \
    AnnotationPrincipalPermissionManager
from zope.app.securitypolicy.settings import Deny, Unset

# Permission ids that may still be granted inside the trash container;
# the original list continues beyond these two entries.
ALLOWED = ['zope.View', 'zope.app.dublincore.view',
           # ...
           ]

class trashPermManager(AnnotationPrincipalPermissionManager):
    """Principal/permission map that denies everything not in ALLOWED."""

    def getSetting(self, permission_id, principal_id, default=Unset):
        if permission_id in ALLOWED:
            # Fall back to the normal annotation-based lookup.
            return AnnotationPrincipalPermissionManager.getSetting(
                self, permission_id, principal_id, default)
        else:
            # An explicit Deny stops the security policy from looking any
            # further up the acquisition chain for this permission.
            return Deny

  <adapter
      for=".interfaces.ITrashContainer"
      provides="zope.app.securitypolicy.interfaces.IPrincipalPermissionMap"
      factory=".adapter.trashPermManager"
      />

> In a similar use-case, yes, I set up all relevant permissions for a `new
> arrival` using a subscriber - including denying permissions on
> sub-objects. I felt that being explicit about my security design was a
> good decision.
> Hope that helps.
> Darryl

--
Best regards,
Adam
mailto:[EMAIL PROTECTED]

_______________________________________________
Zope3-dev mailing list
Zope3-dev@zope.org
Unsub: http://mail.zope.org/mailman/options/zope3-dev/archive%40mail-archive.com