On Mon, 2002-04-22 at 09:56, flemaitre@fede.generali.fr wrote:

Hello,

I'm using the tool "portal_metadata" in order to fix a policy of metadata for my site. But i have a problem : - I'm making a DTML form wich allow my users to modify the Elements of the "portal_metadata" instance - In this DTML form, i get the list of metadata elements by using : "portal_metada.listElementSpecs()" ==> Ok - I want to access (and to modify) the detail of these elements by using : * portal_metadata.getElementSpec(element='My metadata').isRequired() * portal_metadata.getElementSpec(element='My metadata').isMultiValued() * etc....

==> It doesn't work, Zope says "You are not authorized to access isMultiValued", but i'm "Manager" what does it mean ? From the ZMI, the form "metadataElementPolicies.dtml" (of CMFDefault) does the same thing, and it's work.... Why ?

The ZMI version is a class method, and hence operates as "trusted" code; it doesn't surface the bug you found. The 'getElementSpec' method returns the ElementSpec instance without wrapping it in itself, which means that your DTML method cannot do the security checks properly. If you would, please try the attached patch and see if it helps. Please report this as a bug to the tracker.

Excuse my english.... ;-)

Votre anglais est tres superieur de mon francais. :) Tres.