[Zope3-Users] "Forbidden Attribute" errors whilst adapting to
schema
Rupert Redington
rupert at neontribe.co.uk
Fri Feb 3 06:43:44 EST 2006
Dominik Huber wrote:
> I prefer the trusted adapter because they encapslulate the adapter
> inside a security proxy. Then the trusted
> adapter has full access to the underlying object. That simplifies the
> security story very much because you handle it on the adation level. If
> you use locatable and trusted adapters everything works like you would
> access a regular content object.
That makes sense - though I'm not clear about how to make an adapter
"locatable" - which I think is the root cause of my next problem :(
When I apply the techniques which worked (with your help) in my
adaptertest case to the marginally more complex case I'm working on I'm
denied access to the editForm - the error page which appears when I
decline to authenticate contains nothing but "You're not allowed in
here" and the name of the first schema field specified in my
browser:editForm...
I made an attempt to remedy this by having my adapter implement
ILocation - but all that gains me is a failure to find __parent__ -
which is fair enough - since I can't see where I'd have got one from...
I'm at a loss to know why one example works and the other doesn't.
>
> Regular adapters do not provide an own security proxy but do wrap an
> security proxied
> content object. Everything coming from this security-proxied content
> object will get wrapped into a security-proxy too.
> Therefore your annotated object will be security-proxied. IMO it not
> possible to set permissions granularly to implementations on annotations
> level, because different application provide different permission
> declarations.
>
I see - there doesn't seem much application for regular adapters in the
sort of thing I'm trying to do at the moment.
Thanks once again.
Rupert
More information about the Zope3-users
mailing list