[Zope] Ref.: Re: [Zope-CMF] [HELP] Use of "portal_metadata" in a DTML file

flemaitre@fede.generali.fr flemaitre@fede.generali.fr
Tue, 23 Apr 2002 10:27:32 +0200


On Mon, 2002-04-22 at 09:56, flemaitre@fede.generali.fr wrote:
> Hello,
> 
> I'm using the tool "portal_metadata" in order to fix a policy of metadata
> for my site.
> But I have a problem:
>         - I'm making a DTML form which allows my users to modify the
> Elements of the "portal_metadata" instance
>         - In this DTML form, I get the list of metadata elements by using
> : "portal_metadata.listElementSpecs()" ==> Ok
>         - I want to access (and to modify) the detail of these elements by
> using :
>                 * portal_metadata.getElementSpec(element='My metadata').isRequired()
>                 * portal_metadata.getElementSpec(element='My metadata').isMultiValued()
>                 * etc....
> 
>          ==> It doesn't work, Zope says "You are not authorized to access
> isMultiValued", but I'm "Manager" what does it mean ?
>         From the ZMI, the form "metadataElementPolicies.dtml" (of
> CMFDefault) does the same thing, and it works.... Why ?

The ZMI version is a class method, and hence operates as "trusted" code;
it doesn't surface the bug you found.  The 'getElementSpec' method
returns the ElementSpec instance without wrapping it in itself, which
means that your DTML method cannot do the security checks properly.

If you would, please try the attached patch and see if it helps.

Please report this as a bug to the tracker.

> Excuse my English.... ;-)

Your English is far superior to my French. :)

Tres.
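
A simplified, stdlib-only model of the explanation in the reply above, added here as an illustration and not part of the original message or of Zope/CMF code: a restricted caller needs the object's containment chain to validate access, so a bare `ElementSpec` is refused even for a Manager, while a trusted caller never checks. `Wrapper`, `Site`, `in_context_of`, `restricted_call`, `trusted_call` and the `wrap` parameter are hypothetical, and the containment check is an assumption about how validation uses the wrapper.

```python
# Simplified stdlib-only model; Wrapper, Site, in_context_of, restricted_call
# and trusted_call are hypothetical names, not Zope or CMF code.
class Unauthorized(Exception):
    pass

class Site:
    aq_parent = None

class Wrapper:
    """Pairs an object with the container it was reached through."""
    def __init__(self, obj, parent):
        self._obj, self.aq_parent = obj, parent
    def __getattr__(self, name):  # delegate everything else to the object
        return getattr(self._obj, name)

class ElementSpec:
    def __init__(self, multi_valued):
        self._multi = multi_valued
    def isMultiValued(self):
        return self._multi

class MetadataTool:
    def __init__(self, site):
        self.aq_parent = site
        self.element_specs = {"My metadata": ElementSpec(True)}
    def getElementSpec(self, element, wrap):
        spec = self.element_specs[element]
        # wrap=False: bare instance, as described in the reply.
        # wrap=True: instance wrapped in the tool's context (assumed fix).
        return Wrapper(spec, self) if wrap else spec

def in_context_of(obj, site):
    """Walk aq_parent links; a bare instance has none, so the walk fails."""
    while obj is not None:
        if obj is site:
            return True
        obj = getattr(obj, "aq_parent", None)
    return False

def restricted_call(obj, name, site, roles):
    """Untrusted caller (DTML in the thread): validate, then call."""
    if "Manager" not in roles or not in_context_of(obj, site):
        raise Unauthorized("You are not authorized to access " + name)
    return getattr(obj, name)()

def trusted_call(obj, name):
    """Trusted caller (the ZMI class method): no per-access validation."""
    return getattr(obj, name)()
```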
