[Zope-CVS] CVS: Products/ExternalEditor - CHANGES.txt:1.27 ExternalEditor.py:1.16
Casey Duncan
casey@zope.com
Wed, 24 Jul 2002 22:55:39 -0400
Update of /cvs-repository/Products/ExternalEditor
In directory cvs.zope.org:/tmp/cvs-serv28116
Modified Files:
CHANGES.txt ExternalEditor.py
Log Message:
Added "Use external editor" permission so that non-managers can use it properly.
=== Products/ExternalEditor/CHANGES.txt 1.26 => 1.27 ===
External Editor Change Log
+ - External editing is now governed by the "Use external editor" permission
+ to allow non-managers to use it. Users must also have the permissions to
+ edit/modify the objects they edit, plus do WebDAV locking if desired.
+ Thanks to Reineke.
+
- Unix editor command line parsing is much more robust now and properly
handles quoted arguments. You can also specify the "$1" placeholder in the
editor command to denote where the content file name is inserted. If
=== Products/ExternalEditor/ExternalEditor.py 1.15 => 1.16 ===
from string import join # For Zope 2.3 compatibility
import Acquisition
+from Globals import InitializeClass
from AccessControl.SecurityManagement import getSecurityManager
+from AccessControl.SecurityInfo import ClassSecurityInfo
from webdav.common import rfc1123_date
from webdav import Lockable
from OFS import Image
@@ -28,6 +30,9 @@
ZopeEdit helper application
"""
+ security = ClassSecurityInfo()
+ security.declareObjectProtected('Use external editor')
+
def __before_publishing_traverse__(self, self2, request):
path = request['TraversalRequestNameStack']
target = path[-1]
@@ -47,9 +52,6 @@
# Handle objects that are methods in ZClasses
ob = parent.propertysheets.methods[REQUEST['target']]
- if not security.checkPermission('View management screen', ob):
- raise 'Unauthorized'
-
r = []
r.append('url:%s' % ob.absolute_url())
r.append('meta_type:%s' % ob.meta_type)
@@ -119,3 +121,5 @@
RESPONSE.setHeader('Content-Type', 'application/x-zope-edit')
return join(r, '\n')
+
+InitializeClass(ExternalEditor)