[Zope3-Users] How to allow one user to access only his object
Naotoshi Seo
sonots at sonots.com
Sat Oct 22 00:59:56 EDT 2005
Hi.
I made a traverser for Message objects also, and I prohibited access to
editview.html at there. It worked.
Thank you, TAHARA.
from zope.publisher.interfaces import NotFound
from zope.app import zapi
from zope.app.container.traversal import ContainerTraverser
from zope.publisher.interfaces import IPublishTraverse
class MessageBoardTraverser(ContainerTraverser):
__used_for__ = IMessageBoard
def publishTraverse(self, request, name):
if name == 'edit.html':
subob = self._guessTraverse(request, name)
if subob is not None:
view = zapi.queryMultiAdapter((subob, request), name=name)
if view is not None:
return view
raise NotFound(subob, name, request)
return super(ConferenceTraverser,
self).publishTraverse(request, name)
def _guessTraverse(self, request, name):
msgs = IMessageBoard(self.context).items()
passwd = request['field.passwd']
for name, msg in msgs:
if passwd == msg.passwd:
return msg
return None
class MessageTraverser(object):
implements(IPublishTraverse)
__used__for__ = IMessage
def __init__(self, context, request):
self.context = context
self.request = request
def publishTraverse(self, request, name):
if name == 'edit.html':
raise NotFound(self.context, name, request)
view = zapi.queryMultiAdapter((self.context, request), name=name)
if view is not None:
return view
raise NotFound(self.context, name, request)
More information about the Zope3-users
mailing list