[Zope3-checkins] SVN:
Zope3/trunk/src/zope/app/dublincore/timeannotators.py Unwrap
DCadapter in time annotators.
Gary Poster
gary at zope.com
Sun Feb 27 05:21:43 EST 2005
On Feb 25, 2005, at 7:10 PM, Albertas Agejevas wrote:
>
> ...Imagine a forum where anonymous
> users post comments. Your suggestions imply that either DC write
> access will be public, or modification times will not be updated.
> This is bogus.
>
> A more plausible model would be if the event subscribers could be
> declared as "trusted" if they do system-level things, like updating
> the DC metadata or indexes.
Albertas, your use case sounds reasonable. On one hand, I think it
makes sense for a default Zope 3 app to *not* allow DC annotations if
you do not have write privileges to an object (for instance, if you
don't have have write access to an object it would seem surprising that
you could be last modifier to me, as an out-of-the-box behavior); but
on the other, it also might make sense for an app with your use case to
allow DC annotations.
Would making an override zcml registration of the DC annotation
subscriber in your package's zcml make sense for your app/package? It
could make the DC subscriber a trusted subscriber ("trusted='yes'"),
which does precisely what you want AFAICT. For the precise use case
you mentioned, you might even be able to register the trusted DC
subscriber only for the content types for which it makes sense (the
forum, I guess).
Does that sound like it might work? Even if this change goes in the
core, the zcml approach is more configurable and more accepted than a
hardcoded removeSecurityProxy call in the subscriber itself.
Gary
More information about the Zope3-Checkins
mailing list