[Zope-CMF] 'portal_metadata' tool in CVS

Tres Seaver tseaver@digicool.com
Mon, 7 May 2001 07:55:07 -0400 (EDT)


On Sun, 6 May 2001, marc lindahl wrote:

> Another way occurred to me, is to make another type with
> portal_types, and restrict the access.  But then I ran into a
> problem.
> 
> I did this:  Made a FTI type, called 'ManagerDocument' based on
> 'CMFDefault Document', and left everything the same, except in
> 'security' I unchecked 'inherit' on 'access contents
> information' and checked only 'manager', 'owner', 'reviewer'.
> Then, when logged in as just a Member, I get an Unauthorized
> error.  There's a line in folder_factories, <dtml-in
> allowedContentTypes>,   it looks like in PortalFolder.py, in
> that method, perhaps there has to be some kind of access
> checking, so that method doesn't try to access types without
> 'access contents information' available to that object?  I'm a
> little lost...

The "Security" tab on your 'ManagerDocument' governs access to
the type object itself;  because the 'folder_factories' method
expects to query each type object, your settings throw it off.
Try changing the loop to be:

  <dtml-in allowedContentTypes skip_unauthorized>

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org