[Zope-CVS] CVS: Products/ExternalEditor - CHANGES.txt:1.27 ExternalEditor.py:1.16

Casey Duncan casey@zope.com
Wed, 24 Jul 2002 22:55:39 -0400


Update of /cvs-repository/Products/ExternalEditor
In directory cvs.zope.org:/tmp/cvs-serv28116

Modified Files:
	CHANGES.txt ExternalEditor.py 
Log Message:
Added "Use external editor" permission so that non-managers can use it properly.


=== Products/ExternalEditor/CHANGES.txt 1.26 => 1.27 ===
 External Editor Change Log
 
+    - External editing is now governed by the "Use external editor" permission
+      to allow non-managers to use it. Users must also have the permissions to
+      edit/modify the objects they edit, plus do WebDAV locking if desired.
+      Thanks to Reineke.
+
     - Unix editor command line parsing is much more robust now and properly
       handles quoted arguments. You can also specify the "$1" placeholder in the
       editor command to denote where the content file name is inserted. If


=== Products/ExternalEditor/ExternalEditor.py 1.15 => 1.16 ===
 
 from string import join # For Zope 2.3 compatibility
 import Acquisition
+from Globals import InitializeClass
 from AccessControl.SecurityManagement import getSecurityManager
+from AccessControl.SecurityInfo import ClassSecurityInfo
 from webdav.common import rfc1123_date
 from webdav import Lockable
 from OFS import Image
@@ -28,6 +30,9 @@
        ZopeEdit helper application
     """
     
+    security = ClassSecurityInfo()
+    security.declareObjectProtected('Use external editor')
+    
     def __before_publishing_traverse__(self, self2, request):
         path = request['TraversalRequestNameStack']
         target = path[-1]
@@ -47,9 +52,6 @@
             # Handle objects that are methods in ZClasses
             ob = parent.propertysheets.methods[REQUEST['target']]
         
-        if not security.checkPermission('View management screen', ob):
-            raise 'Unauthorized'
-        
         r = []
         r.append('url:%s' % ob.absolute_url())
         r.append('meta_type:%s' % ob.meta_type)
@@ -119,3 +121,5 @@
         
         RESPONSE.setHeader('Content-Type', 'application/x-zope-edit')    
         return join(r, '\n')
+
+InitializeClass(ExternalEditor)