Preventing download of Document object
Hi, I am customising a product (Document Library). Normally, when you select the URL of one of the Document objects the contents of the document (msword, pdf file etc) is downloaded by the web browser. I want to be able to limit access to the document so that, say, an anomynous user can view... www.myzopesite.org/doclib/Documents/doc/show_extract ....but not... www.myzopesite.org/doclib/Documents/doc ...where doc is an object of the Document class in question. I can use __ac_permissions__ to authorize what methods can/can't be accessed in the Document class but how do I enable certain methods whilst barring access to the file contents of the document itself? Regards, Simon B.
From: Simon Blandford <home@simonb.org.uk>
I can use __ac_permissions__ to authorize what methods can/can't be accessed in the Document class but how do I enable certain methods whilst barring access to the file contents of the document itself?
Wouldn't that be the 'view' permission?
marc lindahl wrote:
From: Simon Blandford <home@simonb.org.uk>
I can use __ac_permissions__ to authorize what methods can/can't be accessed in the Document class but how do I enable certain methods whilst barring access to the file contents of the document itself?
Wouldn't that be the 'view' permission?
Err yes. But how do I create a Document object in python with this permission disabled? If I don't set the view flag for the whole Document Library then no one will be able to do anything with it Regards, Simon B.
From: Simon Blandford <home@simonb.org.uk>
Err yes. But how do I create a Document object in python with this permission disabled? If I don't set the view flag for the whole Document Library then no one will be able to do anything with it
Oh, I see.... In CMF this is easy :) Without it, I guess, you'd make another product, which just inherited everything from Document Library, then you could set permissions separately for that product.
Create a Product within a product? This is a snippet of the code to create the document... def addDocumentFile(self, REQUEST): """Adds a new document and sets its properties from a form based submission""" self=self.this() doc = Document.Document(title=REQUEST.title, container=self) self._setObject(doc.getId(), doc) doc = self._getOb(doc.getId()) What I need is for the new Document object to not be viewable by default. Regards, Simon B. marc lindahl wrote:
From: Simon Blandford <home@simonb.org.uk>
Err yes. But how do I create a Document object in python with this permission disabled? If I don't set the view flag for the whole Document Library then no one will be able to do anything with it
Oh, I see....
In CMF this is easy :)
Without it, I guess, you'd make another product, which just inherited everything from Document Library, then you could set permissions separately for that product.
GuardedFile might help, or at least looking at its code might ;-) http://www.pobox.org.sg/home/ngps/zope/gf/ Stefan On Mon, 1 Oct 2001, Simon Blandford wrote:
Create a Product within a product?
This is a snippet of the code to create the document... def addDocumentFile(self, REQUEST): """Adds a new document and sets its properties from a form based submission"""
self=self.this() doc = Document.Document(title=REQUEST.title, container=self) self._setObject(doc.getId(), doc) doc = self._getOb(doc.getId())
What I need is for the new Document object to not be viewable by default.
Hey everybody I have finally fixed it! It is one of those things that is so simple I wonder what I've been doing with my life the last few weeks I've been working on this. All I had to do was declare... def index_html(self): return ...in the Document class. Now it is possible to access the methods of the document but not the document directly. This fix is a bit dirty because I would really like to return a polite error message instead of the "Missing docstring at: http://blah.blah.blah/index_html" error I get at the moment. But that is not so important. I also added manage_FTPget=index_html at the end of the class definition to prevent access that way. Regards, Simon B. Stefan H. Holek wrote:
GuardedFile might help, or at least looking at its code might ;-) http://www.pobox.org.sg/home/ngps/zope/gf/
Stefan
On Mon, 1 Oct 2001, Simon Blandford wrote:
Create a Product within a product?
This is a snippet of the code to create the document... def addDocumentFile(self, REQUEST): """Adds a new document and sets its properties from a form based submission"""
self=self.this() doc = Document.Document(title=REQUEST.title, container=self) self._setObject(doc.getId(), doc) doc = self._getOb(doc.getId())
What I need is for the new Document object to not be viewable by default.
From: Simon Blandford <home@simonb.org.uk> Date: Mon, 01 Oct 2001 18:25:10 +0000 Cc: zope@zope.org Subject: Re: [Zope] Preventing download of Document object
Create a Product within a product?
No, a new product. WHen you add a ZClass you can inherit... inherit from the old one and just put in changes.... probably just renaming the permissions, so you can assign them separately.
participants (3)
-
marc lindahl -
Simon Blandford -
Stefan H. Holek