[Zope3-Users] z3c.form permission problem

Andre Schubert schubert.andre at web.de
Mon Nov 2 14:44:51 EST 2009


Hi Roger,

Am 28.10.2009 um 02:02 schrieb Roger Ineichen:

> Hi Andre
>
>> Betreff: [Zope3-Users] z3c.form permission problem
>>
>> Hi all,
>>
>> I have found a problem within z3c.form.
>> I have the following scenario.
>> Let's say I have an object Foo with two attributes A and B.
>> I have set up a z3c.form EditForm for all objects Foo.
>> If there is a user UserA with read/write access to Foo.A and
>> Foo.B, the form is rendered correctly with two input fields
>> for Foo.A and Foo.B.
>> If there is a user UserB with read/write access to Foo.A and
>> read access to Foo.B, the form is rendered correctly with one
>> input field for Foo.A and one display field for Foo.B.
>> If there is a user UserC with read/write access to Foo.A and
>> no access to Foo.B, I can't see the form because of an
>> Unauthorized exception.
>>
>> After searching through the source, I have found that in
>> z3c.form.field.FieldWidgets.update()
>> there is a check canWrite which switches between INPUT and
>> DISPLAY depending on whether a user has write permissions or not.
>> What I didn't find is a canAccess.
>> After inserting a canAccess
>> near canWrite, the result is the following for UserC: the
>> form is rendered with only one input field for Foo.A and none
>> for Foo.B.
>>
>> It would be great if someone with more knowledge could take a
>> look at this.
>
> I think this is the correct way to support what you need. Just
> implement this in your special form.
>
> Accessing objects with a page or form where the user does not
> have the permission should by default run into an Unauthorized
> error. If, like in your case, this should not happen, just implement
> what you need.
>
> I don't think that the form should ignore the default permission
> concept and show a form without content or partial content by
> default. The reason for this is that a user does not get forced to
> log in if he does not have the permission for e.g. Foo.B. Let's say
> an unauthorized user could access Foo.A but not Foo.B.
> After login the unauthorized user would become UserA and he would
> have access to Foo.A and Foo.B. If you use your special partial
> rendering form, the unauthorized user would not get forced to
> log in by an Unauthorized error. This is the reason why I believe
> that the form should not render partial content if the user has
> no permission. This should always be a special form implementation
> which reflects your security concept.
>

Sorry for the long delay.
Thank you for the clarification. One minor thing: my special partial
rendering form only works for users who have access to at least one
attribute; all others are forced to log in. Anyway, if my use case is
so special, then I will do my own implementation.

Best Regards,
Andre
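An added example, not code from the thread or from z3c.form itself, that models the per-field decision discussed above (write access gives an INPUT widget, read-only access a DISPLAY widget, no access either an Unauthorized error or, in Andre's partial form, a dropped field) so the default behaviour Roger defends and Andre's variant can be compared side by side. The Checker, the Unauthorized class and the principal records are hypothetical stand-ins; a real form would use the canAccess/canWrite checks of zope.security against the context object, not this toy.

```python
# Added example (not z3c.form's own code): a minimal model of the
# INPUT / DISPLAY / no-access decision that FieldWidgets.update() makes
# per field, with both behaviours from the thread:
#   default -> any inaccessible field raises Unauthorized (forces login)
#   partial -> inaccessible fields are dropped, but a principal who can
#              access no field at all still gets Unauthorized
# Checker, Unauthorized and the principal records are hypothetical
# stand-ins for zope.security's canAccess/canWrite and its exception.

INPUT_MODE = "input"
DISPLAY_MODE = "display"


class Unauthorized(Exception):
    """Stand-in for the Unauthorized exception the security layer raises."""


class Checker:
    """Hypothetical checker: grants maps attribute name -> set of
    permissions ("read", "write") the principal holds on that attribute."""

    def __init__(self, grants):
        self.grants = grants

    def can_access(self, name):
        return "read" in self.grants.get(name, ())

    def can_write(self, name):
        # In this model write access implies read access.
        return "write" in self.grants.get(name, ()) and self.can_access(name)


def update_widgets(field_names, checker, partial=False):
    """Return {field: mode} for the fields the principal may see.

    partial=False reproduces the default behaviour Roger describes: the
    first inaccessible field raises Unauthorized, so an anonymous user is
    sent to log in instead of being shown a stripped-down form.
    partial=True reproduces Andre's special form: inaccessible fields are
    skipped, and Unauthorized is raised only when no field is left.
    """
    widgets = {}
    for name in field_names:
        if not checker.can_access(name):
            if not partial:
                raise Unauthorized("no access to %s" % name)
            continue  # drop the field from the form entirely
        widgets[name] = INPUT_MODE if checker.can_write(name) else DISPLAY_MODE
    if partial and not widgets:
        # Andre's caveat: a user who can access no attribute is still forced to log in.
        raise Unauthorized("no accessible fields")
    return widgets


def render_outcome(field_names, checker, partial=False):
    """The widget dict, or None when the form would raise Unauthorized."""
    try:
        return update_widgets(field_names, checker, partial)
    except Unauthorized:
        return None


# Constructed sample data matching the thread's scenario: object Foo with
# attributes A and B, the three users, and an anonymous principal.
FOO_FIELDS = ("A", "B")
USER_A = {"A": {"read", "write"}, "B": {"read", "write"}}
USER_B = {"A": {"read", "write"}, "B": {"read"}}
USER_C = {"A": {"read", "write"}}
ANONYMOUS = {}

if __name__ == "__main__":
    for label, grants in (("UserA", USER_A), ("UserB", USER_B),
                          ("UserC", USER_C), ("anonymous", ANONYMOUS)):
        print(label,
              "default:", render_outcome(FOO_FIELDS, Checker(grants)),
              "partial:", render_outcome(FOO_FIELDS, Checker(grants), partial=True))
```

Running it shows the point of the discussion: UserC gets an error by default but a one-field form in partial mode, while the anonymous principal gets an error in both modes, which is exactly the login-forcing property Andre says his special form preserves.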
