[Zope] IPublishTraverse adapters and permissions

Sean Upton sdupton at gmail.com
Fri Mar 6 20:06:49 EST 2009


I've been scratching my head on this one, any help is appreciated:

I've been using a traversal adapter implementing IPublishTraverse with
an application I am developing, and I want to have certain behaviors
of my traversal adapter protected by CMF permissions I'm otherwise
using.

Right now, my adapter is registered in ZCML:

  <adapter
    for="sdut.cportal.interfaces.IPortalMediaAsset
zope.publisher.interfaces.http.IHTTPRequest"
    provides="zope.publisher.interfaces.IPublishTraverse"
    factory=".editvia.AssetTraverser"
    />

And my AssetTraverser subclasses Acquisition.Explicit, but I'm not
sure how to make this participate in the security machinery.  Ideally
I want to do this within AssetTraverser.publishTraverse():

sec = getSecurityManager()
sec.checkPermission(CMFCore.permissions.ModifyPortalContent, self.context)

But this will fail, likely for some acquisition voodoo I'm having
trouble figuring out (Five.BrowserView is somehow capable of dealing
with this scenario, but I'm not sure how to make my traversal adapter
do the same sort of thing).

Or, even more simply, I would love to be able to use
ClassSecurityInfo.declareProtected(permission, name) for some names my
traversal adapter will use (this does not do anything meaningful other
than generate warnings).  Any ideas/pointers appreciated.

Thanks,
Sean


More information about the Zope mailing list