[Zope-dev] I want to fix App.Management.Tabs.manage_workspace
Chris Withers
chris at withers.eclipse.co.uk
Mon Apr 19 05:16:08 EDT 2004
Hi there,
App.Management.Tabs.manage_workspace sucks as I've described in
http://zope.org/Collectors/Zope/1286:
1. manage_workspace is only protected by the Authenticated role, and that is
done directly, not even through a permission.
2. self.filtered_manage_roles then limits the options of what can be shown,
which might end up being nothing. But, because the method is only protected by
'Authenticated', no chance is given to specify other user credentials (say, from
a user folder higher up in the tree) which might be able to see something.
3. There's a bare try/except which masks errors. From what I can see, it should
ONLY catch IndexError's.
4. The "raise TypeError" could do with some explanation.
5. The Unauthorized could raise a more helpful message "You are not authorized
to view an of this object's management itnerface"
What do people feel about the right way to solve this? 3,4 and 5 I'm comfortable
with fixing, but I'm stumped as to what "the right thing" is to do on 1 and 2
which combine to create a thorny problem.
The semantics I want are: "Show the 1st management tab the user is allowed to
see, if they're not allowed to see anything, check if a user of the same name
further up the userfolder tree can see anything"
Is that right? If so, how do I go about implementing it? Finally, what branches
should I do this on?
cheers,
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list