Hi,

I'm trying this:

<dtml-call "calendar.mailaddresses.remove(REQUEST.mailaddress)">

where 'calendar' is a folder, 'mailaddresses' is a property of it (type is lines) and 'mailaddress' is a variable the DTML method received via an HTML form.

After the request, the removed line entry seems to be gone. It's not shown in the ZMI or in my HTML site which shows me the mailaddresses. But if I restart Zope the removed line is there again. Also if I copy the folder, then the copy shows me the removed entry in its properties.

Any suggestions?

Thank you,
Marcus
On Fri, 16 Jan 2004 18:33:25 +0100 GMT Marcus Bergmann asked the Zope mailinglist about the following:
I'm trying this:
<dtml-call "calendar.mailaddresses.remove(REQUEST.mailaddress)">
where 'calendar' is a folder, 'mailaddresses' is a property of it (type is lines) and 'mailaddress' is a variable the DTML method received via an HTML form.
After the request, the removed line entry seems to be gone. It's not shown in the ZMI or in my HTML site which shows me the mailaddresses. But if I restart Zope the removed line is there again. Also if I copy the folder, then the copy shows me the removed entry in its properties.
This is an issue with how persistence works. If you just change a mutable attribute, the ZODB does not know to update the object.

Something like this might work:

    tempaddresses = calendar.mailaddresses[:]
    tempaddresses.remove(REQUEST.mailaddress)
    calendar.mailaddresses = tempaddresses

Actually assigning a value to the property, not just changing it, should make Zope aware of the change. :)

--
Geir Bækholt · Interaction Architect · Plone Solutions
Development · Training · Support · http://www.plonesolutions.com
Hey all - we've been banging our heads against this problem for the better part of a day now with no results, so I thought I'd try the list, since I couldn't turn up any results in the list archives that matched:

We've got a Zope/Plone site where we want our customers to be able to log in, and be taken to their directory:

/Customers/
    CustomerA/
    CustomerB/
    ...

That much works fine. The problem is that we need to set up permissions so that the customers can only see their own directory, i.e. CustomerA cannot go poking around in CustomerB's folder, were they to type in the correct URL (or by mistake).

We've fiddled with various combinations of local roles and defining a new role - "Customer" to try and limit permissions, but we can't get it to work quite right. Perhaps we are not modifying the correct Permission? (We had been modifying the "view" permission).

We'd like it so that when a user is logged in, he can go anywhere he pleases on the site as a user, except for the directories of other customers that are not his own.

This seems like a simple problem, but Zope and GRUF just weren't working the way we were thinking I guess?

Thanks for any assistance...

-Jake
Jake Latham wrote at 2004-1-16 13:45 -0700:
... We've got a Zope/Plone site where we want our customers to be able to log in, and be taken to their directory:
/Customers/
    CustomerA/
    CustomerB/
    ...
That much works fine. The problem is that we need to set up permissions so that the customers can only see their own directory, i.e. CustomerA cannot go poking around in CustomerB's folder, were they to type in the correct URL (or by mistake)
We've fiddled with various combinations of local roles and defining a new role - "Customer" to try and limit permissions, but we can't get it to work quite right. Perhaps we are not modifying the correct Permission? (We had been modifying the "view" permission).
Viewing is usually controlled by 2 permissions: "View" and "Access contents information". I expect, your customers should be able to do more than just view their own object...

When you describe clearer what you did and in what way this did not work, we may help you better.

-- Dieter
Dieter - thanks for the reply.

I was able to get the group thing working with just one additional "GroupMember" role. Basically, each GRUF group (Group_CustA, Group_CustB) takes on a local role of "GroupMember" within their own directory, and in that way, members of Group_CustA cannot get into the CustomerB/ folder, since they are not members of Group_CustB.

However, there is an odd twist that I cannot figure out. When the URL is:

http://blah.com/Customers/CustomerA/index_html

everything works fine. However, when it is:

http://blah.com/Customers/CustomerA/

the insufficient privileges message comes up for any user, even owners and managers. When I set all of the permissions to "Acquire", everybody can view the second URL just fine (which opens the index_html, as it should), but then, of course, no permission control is in place against the various customer folders.

What is the permission at work that prevents users from viewing the index_html when the URL is in the second form? I assume Zope does some kind of forwarding from the directory to a default index document, but I cannot figure out which permission it is.

As a workaround, I'm sure I can just make them link only to .../index_html, but that seems a bit kluge-y.

Any help is appreciated...

-Jake

----- Original Message -----
From: "Dieter Maurer" <dieter@handshake.de>
To: "Jake Latham" <jlatham@datasplice.com>
Cc: <zope@zope.org>
Sent: Saturday, January 17, 2004 4:02 PM
Subject: Re: [Zope] Need help with security and local roles w/ GRUF
Jake Latham wrote at 2004-1-16 13:45 -0700:
... We've got a Zope/Plone site where we want our customers to be able to log in, and be taken to their directory:
/Customers/
    CustomerA/
    CustomerB/
    ...
That much works fine. The problem is that we need to set up permissions so that the customers can only see their own directory, i.e. CustomerA cannot go poking around in CustomerB's folder, were they to type in the correct URL (or by mistake)
We've fiddled with various combinations of local roles and defining a new role - "Customer" to try and limit permissions, but we can't get it to work quite right. Perhaps we are not modifying the correct Permission? (We had been modifying the "view" permission).
Viewing is usually controlled by 2 permissions: "View" and "Access contents information". I expect, your customers should be able to do more than just view their own object...
When you describe clearer what you did and in what way this did not work, we may help you better.
-- Dieter
Marcus Bergmann wrote at 2004-1-16 18:33 +0100:
I'm trying this:
<dtml-call "calendar.mailaddresses.remove(REQUEST.mailaddress)">
where 'calendar' is a folder, 'mailaddresses' is a property of it (type is lines) and 'mailaddress' is a variable the DTML method received via an HTML form.
Always change things through the official API only!

For properties, this is the "PropertyManager" API (documented in the embedded Zope online help).

-- Dieter
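Added example (not part of the original thread, and not Zope or ZODB code): a simplified Python model of the behaviour discussed in the two replies to Marcus, in which a store writes an object only when one of its attributes was assigned to. TrackedObject, ToyStore and the sample addresses are hypothetical names constructed for illustration.

```python
import pickle

SAMPLE = ["a@example.org", "b@example.org"]  # constructed sample data


class TrackedObject:
    """Toy stand-in for a persistent object: only attribute assignment is seen."""

    def __init__(self, **attrs):
        self.__dict__.update(attrs)
        self.__dict__["_changed"] = False

    def __setattr__(self, name, value):
        self.__dict__[name] = value
        self.__dict__["_changed"] = True  # rebinding an attribute is noticed


class ToyStore:
    """Toy object database: commit() writes only objects flagged as changed."""

    def __init__(self, obj):
        self._disk = pickle.dumps(obj.__dict__)  # simulated on-disk state
        self.live = obj                          # in-memory (cached) object

    def commit(self):
        if self.live._changed:
            self.live.__dict__["_changed"] = False
            self._disk = pickle.dumps(self.live.__dict__)

    def restart(self):
        """Drop the in-memory object and reload what was actually written."""
        self.live = TrackedObject(**pickle.loads(self._disk))
        return self.live


def remove_in_place(store, address):
    store.live.mailaddresses.remove(address)  # list mutated: never flagged
    store.commit()
    return store.live.mailaddresses, store.restart().mailaddresses


def remove_by_reassignment(store, address):
    temp = store.live.mailaddresses[:]        # copy, as in the reply above
    temp.remove(address)
    store.live.mailaddresses = temp           # rebinding: flagged as changed
    store.commit()
    return store.live.mailaddresses, store.restart().mailaddresses
```

Each function returns the list as seen in memory before the simulated restart and the list as reloaded afterwards; with the in-place removal the two differ, which is the symptom described in the first message.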