[Zope3-checkins] SVN:
Zope3/trunk/src/zope/app/dublincore/timeannotators.py Unwrap
DCadapter in time annotators.
Garrett Smith
garrett at mojave-corp.com
Fri Feb 25 17:58:24 EST 2005
We want to avoid using removeSecurityProxy -- this is bad practice. I
think your solution is two-fold:
- The annotator should either explicitly check before setting a DC attr,
or handle the Unauthorized with a no-op (IMO the later is preferable).
- You (IOW your app) should make sure any principal/role with the
zope.ManageContent permission also has zope.app.dublincore.change.
-- Garrett
Albertas Agejevas wrote:
> in time annotators.
>
>
> Log message for revision 29304:
> Unwrap DC adapter in time annotators.
> See issue http://www.zope.org/Collectors/Zope3-dev/373
>
>
> Changed:
> U Zope3/trunk/src/zope/app/dublincore/timeannotators.py
>
> -=-
> Modified: Zope3/trunk/src/zope/app/dublincore/timeannotators.py
> ===================================================================
> --- Zope3/trunk/src/zope/app/dublincore/timeannotators.py
2005-02-25
> 21:53:18 UTC (rev 29303) +++
> Zope3/trunk/src/zope/app/dublincore/timeannotators.py 2005-02-25
> 22:33:09 UTC (rev 29304) @@ -19,15 +19,24 @@
>
> from datetime import datetime
> from zope.app.dublincore.interfaces import IZopeDublinCore
> +from zope.security.proxy import removeSecurityProxy
>
> +
> def ModifiedAnnotator(event):
> dc = IZopeDublinCore(event.object, None)
> if dc is not None:
> + # Principals that can modify objects do not necessary have
> permissions + # to arbitrarily modify DC data, see issue 373
> + dc = removeSecurityProxy(dc)
> dc.modified = datetime.utcnow()
>
> +
> def CreatedAnnotator(event):
> dc = IZopeDublinCore(event.object, None)
> if dc is not None:
> + # Principals that can create objects do not necessary have
> permissions + # to arbitrarily modify DC data, see issue 373
> + dc = removeSecurityProxy(dc)
> now = datetime.utcnow()
> dc.created = now
> dc.modified = now
>
> _______________________________________________
> Zope3-Checkins mailing list
> Zope3-Checkins at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-checkins
More information about the Zope3-Checkins
mailing list