[Zope3-Users] How to allow one user to access only his object

TAHARA Yusei yusei at domen.cx
Sat Oct 22 03:47:09 EDT 2005 

Hi.

At Fri, 21 Oct 2005 23:01:55 -0700,
Naotoshi Seo wrote:
> 
> I got another trouble. I succeeded to show edit.html, but I could not 
> edit actaully.
> 
> edit.html is an editview page. So, the html has post tag like
> <post action="http://.../messageboardobject/edit.html">
> Therefore, same traverser trys to receive this posted action, and trys 
> to check password again (actually, and id) to find message object.
> Therefore, I have to pass password and id which was posted before at 
> password.html using hidden field or some ways. Or, I have to specify 
> different page for <post action="">  . I have no idea how editview's 
> post action is working, so I am not sure specifying different page for 
> post action works, though.

I think that would be a different issue, you should separate a plan
from "prohibit visitors from to access edit.html".

ZCML's editform is not flexible, so it is hard to add one more field in
auto-generated form. If you want to do, you may need zope.formlib package.

But I have another idea. We can use session for making stateful application.
then user doesn't need to post his password again.

And this is a little trick make a container to show its content's editform.

"""
from zope.app.session.interfaces import ISession

PACKAGE_NAME = 'your application name'

class MessageEditView:

    def __init__(self, context, request):

        session = ISession(request)[PACKAGE_NAME]

        password = request.get('password')
        if password is None:
            password = session.get('password')

        message = getMessage(context, password) # please implement this:)

        session['password'] = password

        self.context = message # trick1
        self.request = request
        self._setUpWidgets()

<editform
    label="Edit Message"
    name="edit.html"
    for="IMessageBoard"
    schema="IMessage"  <------ trick2
    class="MessageEditView"
    permission="zope.ManageContent"
    menu="zmi_views"
    title="Edit Message"
    />
"""

-- 
Tahara Yusei
yusei at domen.cx

More information about the Zope3-users mailing list