[Zope3-Users] "Forbidden Attribute" errors whilst adapting to
schema
Dominik Huber
dominik.huber at perse.ch
Fri Feb 3 06:14:37 EST 2006
Rupert Redington wrote:
>Dominik Huber wrote:
>
>
>>Rupert Redington wrote:
>>
>>
>>
>>> <adapter
>>> for=".interfaces.ILink"
>>> provides=".interfaces.ILinkDetails"
>>> factory=".link.LinkDetails"
>>> trusted="True"
>>> />
>>>
>>>
>>>
>>>
>>if you use trusted adapters you have to declare an additional class or
>>content directive for the adapter itself.:
>>
>> <class class=".link.LinkDetails">
>> <require
>> permission="zope.View"
>> interface=".interfaces.ILinkDetails"
>> />
>> <require
>> permission="zope.ManageContent"
>> set_schema=".interfaces.ILinkDetails"
>> />
>> </class>
>>
>>regards,
>>dominik
>>
>>
>>
>
>Thank you - thats an instafix.
>
>I only added the "trusted" declaration to get round an earlier error in
>which the adapter couldn't access the objects annotations...
>
>Am I right in thinking that a trusted adapter isn't really necessary for
>this sort of use?
>
I prefer the trusted adapter because they encapslulate the adapter
inside a security proxy. Then the trusted
adapter has full access to the underlying object. That simplifies the
security story very much because you handle it on the adation level. If
you use locatable and trusted adapters everything works like you would
access a regular content object.
Regular adapters do not provide an own security proxy but do wrap an
security proxied
content object. Everything coming from this security-proxied content
object will get wrapped into a security-proxy too.
Therefore your annotated object will be security-proxied. IMO it not
possible to set permissions granularly to implementations on annotations
level, because different application provide different permission
declarations.
>How would one then aviod being denied access to the
>annotations?
>
You have to specify the class-directive for the annotated object itself.
Regards,
Dominik
More information about the Zope3-users
mailing list