[Zope3-Users] How to publicly add object to Zope component

Martin Margo mmargo at gmail.com
Fri Oct 28 18:54:35 EDT 2005


Martijn

thank you for responding. My response is below
2005/10/28, Martijn Faassen <faassen at infrae.com>:
> Martin Margo wrote:
> [snip]
> > How do I make <site>/+/AddConferenceGoer.html= publicly available
> > without being prompted for a password? Is there a configuration file
> > somewhere I can set this up?
>
> I've ran into this one. The problem is that the '+' view registered by
> Zope 3 is not allowing access by people who don't have Zope management
> permission.
>
> > Another point: I have tried granting zope.anybody Zope.ManageContent
> > permission and <site>/+/AddConferenceGoer.html is now available but
> > the user can manipulate the URL to go in and modify other people's
> > info.
>
> I don't think this is a very good approach, as you'd give zope.anybody
> an awful lot of rights all of a sudden.

I agree. I don't want to use this. I want to finegrained the
permission for edit and add. I want to be able to assign a certain
permission myown.Permission1 for add and myown.Permission2 (assuming
that the 2 keyword are in permission.zcml)

>
> Anyway, this is how you can register your own adding (+) view for a
> particular content type:
>
>    <view
>      for="path.to.ISomeInterface"
>      name="+"
>      class="zope.app.container.browser.adding.ContentAdding"
>      permission="myownPermission">
>    </view>

I tried this and it complains because the parameter type is missing.
Looking at von Weitershausen's book, identifier 'type' and 'factory'
are needed. What should the value be for those variable if I want to
overrride "+" view?

Thanks in advance

Martin
>
> of course if you make permission 'zope.Public', you'd still be exposing
> the add view for your particular content type (all the ones that
> implement ISomeInterface) to the whole world, so be careful not to do
> this to normal IFolder, for instance, unless you really really want that.
>
> Good luck!
>
> Regards,
>
> Martijn
>


More information about the Zope3-users mailing list