[Zope-dev] Post-Traversal Hook (+Post-Publication Hook)

Christian Theune ct at gocept.com
Fri Oct 17 05:05:03 EDT 2003


Hi,

I'm cleaning up the alternative BaseRequest for Zope 2.7 right now which
implements a post traversal hook (which will go into 2.8) and discovered
a small issue I would like to get some feedback from.

Originally the patch called all registered methods after the user has
been determined, but before eventually unauthorized is thrown. Therefore
the SecurityManager already could deliver the user object, but it is not
available within the REQUEST as the well known "AUTHENTICATED_USER".

Anyway, does anybody see a special reason to call the hooks 

a) before unauthorized
b) after complete successful authorization

I see that there could be two hooks make sense in there, but can't
decide for a single one. (My tummy tells me to go for the one after
complete authentication, so we have the complete REQUEST environment as
in opposition to site access rules.)

Also Dario Lopez-Kaesten came up with a request for a hook that is
called after the publication. Is there anybody objecting such a "post
publication hook"? Otherwise I would go for 

- implementing post-traversal variant b
- implementing a post-publication hook

Cheers,
Christian

PS: Looks a bit like I should write a proposal on this ...?

-- 
Christian Theune, gocept gmbh & co. kg
http://www.gocept.com - ct at gocept.com
fon: 03496 3099112 fax: 03496 3099118 mobile: 0179 7808366
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.zope.org/pipermail/zope-dev/attachments/20031017/86fb388c/attachment.bin


More information about the Zope-Dev mailing list