[Zope3-Users] Re: lack of security declaration: bug or feature?

Lorenzo Gil Sanchez lgs at sicem.biz
Wed Nov 7 17:33:26 EST 2007


Oh, I didn't know you could use the 'attributes' attribute in the
require directive! It looks quite useful and fits perfectly in this
case.

Thanks for your answers to this newbie!

Lorenzo

El lun, 05-11-2007 a las 13:10 +0100, Thierry Florac escribió:
> Le lundi 05 novembre 2007 à 12:35 +0100, Lorenzo Gil Sanchez a écrit :
> > Oh, that's true indeed. It's a shame IOrderedContainer is defined as
> > inheriting from IContainer because I can't declare a permission for the
> > updateOrder method in an independent way. Something like: I want Public
> > permission for reading an ordered folder and I want ManageContent
> > permission for writing *and* changing the folder order.
> 
> I've done this configuration, which seems OK for me until now :
> 
> <class class=".MyOrderedContainer">
>     <implements
>         interface="zope.annotation.interfaces.IAttributeAnnotatable" />
>     <require
>         interface="zope.app.container.interfaces.IReadContainer"
>         permission="zope.View" />
>     <require
>         interface="zope.app.container.interfaces.IWriteContainer"
>         attributes="updateOrder"
>         permission="zope.ManageContent" />
> </class>
> 
> 
>   Thierry Florac



More information about the Zope3-users mailing list