security for ZPT-based Product
How can I manage permissions for imported ZPT files? Relevant lines from my Product: from AccessControl import ClassSecurityInfo class MyClass(....): security=ClassSecurityInfo() comment_add_form=PageTemplateFile('zpt/comment_add_form',globals()) My goal is to limit access to comment_add_form to the Authenticated role only. comment_add_form is on the filesystem, in my Product's zpt directory. How can I achieve this? I understand zilch about ClassSecurityInfo... (My Product is based on JMBoring template) -- Milos Prudek http://www.spoxdesign.com - your web usability testing
On 11.Jul 2005 - 18:27:57, Milos Prudek wrote:
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo class MyClass(....): security=ClassSecurityInfo() comment_add_form=PageTemplateFile('zpt/comment_add_form',globals())
My goal is to limit access to comment_add_form to the Authenticated role only. comment_add_form is on the filesystem, in my Product's zpt directory.
add a security.declareProtected('comment_add_form', '<right that is granted to Authenticated users only>') Where the second string would be one of the rights listed on the security tab with in the ZMI. If that right is granted to the authenticated user only, you have your access restrictions. Andreas -- Don't hate yourself in the morning -- sleep till noon.
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
add a security.declareProtected('comment_add_form', '<right that is granted to Authenticated users only>')
Where the second string would be one of the rights listed on the security tab with in the ZMI. If that right is granted to the authenticated user only, you have your access restrictions.
It's the other way around. Permission first, then the method name. jens
On 11.Jul 2005 - 17:49:16, Jens Vagelpohl wrote:
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
add a security.declareProtected('comment_add_form', '<right that is granted to Authenticated users only>') Where the second string would be one of the rights listed on the security tab with in the ZMI. If that right is granted to the authenticated user only, you have your access restrictions.
It's the other way around. Permission first, then the method name.
Right, checked an old (wrong) file in my product. Sorry for the mistake. Andreas -- You are standing on my toes.
Right, checked an old (wrong) file in my product. Sorry for the mistake.
Yes, it works. Problems solved. Thank you Andreas and Jens. -- Milos Prudek http://www.spoxdesign.com - your web usability testing
participants (3)
-
Andreas Pakulat -
Jens Vagelpohl -
Milos Prudek