[Zope-CMF] CMF add views and <browser:page />
yuppie
y.2008 at wcm-solutions.de
Mon Dec 8 12:59:32 EST 2008
Hi Martin!

Martin Aspeli wrote:
> [...]
>
> In CMFDefault, we have some base classes (tied to formlib) and we do
> manual security with a ClassSecurityInfo and InitializeClass(). This
> feels like a step backwards to me, at least in Plone, where we encourage
> people to use browser views with declarative (ZCML) security. It's
> difficult to explain that add forms are "special" so that they need to
> have manual security, explicit docstrings (for better or for worse), and
> be registered as an <adapter />, not a <browser:page />.
>
> Did we envisage a solution to this?

No.

> How about a new <cmf:addview />
> directive that mimics <browser:page />, but registers the
> (context,request,fti) adapter? I could probably put that together if
> people think it's a good idea.

CMF add views are different because they are looked up by a special
traverser, using the additional type info object. You have to be aware
of that. No matter if you use <adapter /> or <cmf:addview />.

It is not obvious why you have to use explicit Zope 2 style security for
add views and declarative Zope 3 style security for other views. But I'd
rather like to see the 'permission' attribute of <adapter /> implemented
for Zope 2 instead of a new <cmf:addview /> directive.

Cheers,
Yuppie