[Zope-CMF] PortalContent permissions

seb bacon seb@jamkit.com
Tue, 17 Apr 2001 16:27:37 +0100


* Shane Hathaway <shane@digicool.com> [010417 15:40]:
> On Tue, 17 Apr 2001, seb bacon wrote:
> 
> > Either it's not working the way it should, or I'm misunderstanding
> > something.  If I create a 'foo' method and add it as the first action
> > on a Type, with a permission mapped to something Manager-only, and
> > publish it, I still see the 'foo' as an anonymous user.
> >
> > I can't see any code in the TypesTool which provides for
> > mapping the permission in the 'actions' structure to actual
> > permissions.  How is this meant to work?
> 
> The permissions you set up in TypesTool are only meant to be "hints": if
> the user doesn't have the specified permission, they won't be shown the
> links to get to the view.  The views themselves are all in skins, so they
> can't be (and shouldn't be) protected directly.  Presumably somewhere else
> the user is actually restricted from accessing or using the information
> provided on the page.

OK, that makes sense: the security is applied at the functional rather
than display level.  However, it still seems inconsistent that
the ActionsTool filters out actions for which the user does not have
permission, yet the TypesTool ignores this information.  That's what
you're proposing to change, right?

> >
> > > What do you think it should do?  I was thinking it should first look for
> > > a "view" action, but if the user doesn't have access to it, it should
> > > look through the options in order and choose the first action the user
> > > is allowed to access.
> >
> > I can't think of any benefits to having a default view called 'view' -
> > it might be better to rely purely on the rank of the action, rather
> > than hardcoding in an exception to the rule, I think.
> 
> What *is* hardcoded is the "view" method of all portal
> content and the fact that it is exposed in URL's.  But we could find no
> way around that.
> 

I'm not sure I follow - I can't see where 'view' is hardcoded other
than in attributes such as:
  view = index_html  # Necessary for catalog searches.

...where index_html is computed as needed anyway.  Why can't 'view' just
be aliased to whatever the first action filtered by permission is, as
it would be in this case?

> >
> > > > And as a bonus question, what does the following, from PortalContent,
> > > > achieve?
> > > >
> > > >      index_html = ComputedAttribute(_index_html, 1)
> > >

<explanation snipped>

Thanks - elucidation much appreciated :)

seb
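The distinction Shane draws (action permissions as listing hints, with the real restriction applied elsewhere) and the first-permitted-action rule seb proposes, as an added Python model that is not code from the CMF or from either poster; the roles, the permission-to-role map and the single method guard are assumptions made for the demo:

```python
# Stand-in model of CMF action "hints" versus real method guards.
# Everything here is constructed for illustration, not taken from the CMF.
from dataclasses import dataclass, field

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

# Assumed permission-to-roles mapping (stands in for Zope role settings).
PERMISSION_ROLES = {
    "View": {"Anonymous", "Member", "Manager"},
    "Manage portal": {"Manager"},
}

def has_permission(user, permission):
    return bool(PERMISSION_ROLES.get(permission, set()) & user.roles)

# Actions as the types tool would list them: (id, permission hint), in rank order.
ACTIONS = [
    ("foo", "Manage portal"),   # seb's Manager-only first action
    ("view", "View"),
    ("edit", "Manage portal"),
]

def listed_actions(user):
    """What the ActionsTool shows: the list filtered by the permission hint."""
    return [aid for aid, perm in ACTIONS if has_permission(user, perm)]

def first_permitted_action(user):
    """seb's proposal: alias 'view' to the first action the user may use."""
    allowed = listed_actions(user)
    return allowed[0] if allowed else None

# Skin methods carry no guard of their own, so an action that is merely
# hidden stays reachable by URL; only a guard on the object's own method
# (assumed here for 'edit') actually restricts access.
SKIN_METHODS = {"foo": "foo page", "view": "view page", "edit": "edit form"}
METHOD_GUARDS = {"edit": "Manage portal"}   # assumed guard, not a CMF setting

def publish(user, action_id):
    """Simulate traversal to a skin method: None if a real guard blocks it."""
    guard = METHOD_GUARDS.get(action_id)
    if guard and not has_permission(user, guard):
        return None
    return SKIN_METHODS[action_id]
```

Running it shows the hint hiding 'foo' from an anonymous user while publish() still serves it, which is the gap Shane's "only hints" remark describes.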