[Zope3-Users] How to allow one user to access only his object
Naotoshi Seo
sonots at sonots.com
Fri Oct 21 20:02:31 EDT 2005
Hi.

>>At this post method, do I redirect to a URL like
>>./edit.html?field.passwd=KDJFKJA ? It is not cool. Are there any ways?
>
> Why don't you post to "edit.html" from "password.html"?

Yes, it worked. It seems I was confused.

> zapi.queryView has been deprecated. You should use queryMultiAdapter.
> queryMultiAdapter((self.context, request), name=name)

Okay, but why does returning a message object (subob) not work? I just
want to know. It is weird.

> if MessageBoardTraverser works well, you can protect "edit.html"
> from invalid access.

It seems I was misunderstanding again. Yes, it prohibited direct
access to http://localhost:8080/messageboardobject/messageobject/edit.html;
rather, it prohibits all access under /messageobject/.

I have other views like
http://.../messageboardobject/messageobject/show.html. So I added code
to publishTraverse(), imitating the parent's ContainerTraverse, like this:

    def publishTraverse(self, request, name):
        if name == 'edit.html':
            subob = self._guessTraverse(request, name)
            if subob is not None:
                view = zapi.queryMultiAdapter((subob, request),
                                              name=name)
                if view is not None:
                    return view
            raise NotFound(subob, name, request)
        else:
            subob = self.context.get(name, None)
            if subob is None:
                view = zapi.queryMultiAdapter((self.context, request),
                                              name=name)
                if view is not None:
                    return view
                raise NotFound(self.context, name, request)
            return subob

After 'else:', this traverses everything when there are accesses like
'messageboardobject/messageobject/show.html', except
'messageboardobject/edit.html'.

Is this the most efficient way?

And why does returning subob work here when it did not work before (inside
'if name == 'edit.html':')? How should I understand what returning
subob does? This is an optional question. If you know, please let me
know. Thanks.
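
Added example, not part of the original post and not Zope's or the poster's code: a simplified pure-Python model of publisher traversal, showing what the return value of publishTraverse() means in the 'edit.html' branch. The `_guess` lookup (standing in for `_guessTraverse`, whose body the post does not show), the view registry, the default view name `index.html` and the password values are assumptions made for the illustration.

```python
import hmac

class NotFound(Exception):
    """Model of the publisher's 404."""

class Message:
    def __init__(self, passwd):
        self.passwd = passwd

class View:
    def __init__(self, context, name):
        self.context, self.name = context, name

DEFAULT_VIEW = "index.html"  # assumed default view name for a message

def query_view(context, name):
    """Stand-in for queryMultiAdapter((context, request), name=name)."""
    return View(context, name) if name in ("edit.html", "show.html", DEFAULT_VIEW) else None

class BoardTraverser:
    def __init__(self, messages, return_view):
        self.messages = messages        # name -> Message
        self.return_view = return_view  # True: return the view; False: return subob

    def _guess(self, request):
        # Assumption: select the message whose password matches the form field.
        supplied = request.get("field.passwd", "").encode()
        for msg in self.messages.values():
            if hmac.compare_digest(msg.passwd.encode(), supplied):
                return msg
        return None

    def publishTraverse(self, request, name):
        if name == "edit.html":
            subob = self._guess(request)
            if subob is None:
                raise NotFound(name)    # no matching owner: nothing to edit
            return query_view(subob, name) if self.return_view else subob
        subob = self.messages.get(name)
        if subob is None:
            raise NotFound(name)
        return subob

def publish(traverser, name, request):
    """Traverse one path segment, then resolve whatever came back."""
    result = traverser.publishTraverse(request, name)
    if isinstance(result, Message):
        # Path exhausted on a content object: the default view is rendered.
        # The segment that was just consumed ("edit.html") is not looked up again.
        result = query_view(result, DEFAULT_VIEW)
    return result.name
```

In this model, returning the message for the segment 'edit.html' ends at the message's default view, because the traverser has already consumed that name; returning it for a segment that names the message itself is the normal container case.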