[Zope3-Users] How to publicly add object to Zope component
Martijn Faassen
faassen at infrae.com
Fri Oct 28 09:05:16 EDT 2005
Martin Margo wrote:
[snip]
> How do I make <site>/+/AddConferenceGoer.html= publicly available
> without being prompted for a password? Is there a configuration file
> somewhere I can set this up?
I've ran into this one. The problem is that the '+' view registered by
Zope 3 is not allowing access by people who don't have Zope management
permission.
> Another point: I have tried granting zope.anybody Zope.ManageContent
> permission and <site>/+/AddConferenceGoer.html is now available but
> the user can manipulate the URL to go in and modify other people's
> info.
I don't think this is a very good approach, as you'd give zope.anybody
an awful lot of rights all of a sudden.
Anyway, this is how you can register your own adding (+) view for a
particular content type:
<view
for="path.to.ISomeInterface"
name="+"
class="zope.app.container.browser.adding.ContentAdding"
permission="myownPermission">
</view>
of course if you make permission 'zope.Public', you'd still be exposing
the add view for your particular content type (all the ones that
implement ISomeInterface) to the whole world, so be careful not to do
this to normal IFolder, for instance, unless you really really want that.
Good luck!
Regards,
Martijn
More information about the Zope3-users
mailing list