[Zope-CMF] 'portal_metadata' tool in CVS
Tres Seaver
tseaver@digicool.com
Mon, 7 May 2001 07:55:07 -0400 (EDT)
On Sun, 6 May 2001, marc lindahl wrote:
> Another way occurred to me, is to make another type with
> portal_types, and restrict the access. But then I ran into a
> problem.
>
> I did this: Made a FTI type, called 'ManagerDocument' based on
> 'CMFDefault Document', and left everything the same, except in
> 'security' I unchecked 'inherit' on 'access contents
> information' and checked only 'manager', 'owner', 'reviewer'.
> Then, when logged in as just a Member, I get an Unauthorized
> error. There's a line in folder_factories, <dtml-in
> allowedContentTypes>, it looks like in PortalFolder.py, in
> that method, perhaps there has to be some kind of access
> checking, so that method doesn't try to access types without
> 'access contents information' available to that object? I'm a
> little lost...
The "Security" tab on your 'ManagerDocument' governs access to
the type object itself; because the 'folder_factories' method
expects to query each type object, your settings throw it off.
Try changing the loop to be:
<dtml-in allowedContentTypes skip_unauthorized>
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org