[Zope3-Users] z3c.form permission problem

Roger Ineichen dev at projekt01.ch
Tue Oct 27 21:02:57 EDT 2009


Hi Andre

> Betreff: [Zope3-Users] z3c.form permission problem
> 
> Hi all,
> 
> i have found a problem within z3c.form.
> I have the following scenario.
> Lets say i have a object Foo with two attributes A and B.
> I have setup a z3c.form EditForm for all objects Foo.
> If there is a user UserA with read/write access to Foo.A and 
> Foo.B, the form is rendered correctly with two input fields 
> for Foo.A and Foo.B.
> If there is a user UserB with read/write access to Foo.A and 
> read access to Foo.B, the form is rendered correctly with one 
> input Field for Foo.A and one display Field for Foo.B.
> If there is a user UserC with read/write access to Foo.A and 
> no access to Foo.B, i cant see the form, because of a 
> Unauthorized Exception.
> 
> After searching through the source, i have found, that in
> z3c.form.field.FieldWidgets.update()
> there is a check canWrite which switches between INPUT and 
> DISPLAY wheter a user has write permissions or not. What i 
> doesnt have found is a canAccess.  
> After inserting a canAccess
> near to canWrite the result is the following for UserC, the 
> form is rendered with only one input Field for Foo.A and none 
> for Foo.B.
> 
> It would be great if someone with more knowledge could take a 
> look at this.

I think this is the correct way to support what you need. Just
implement this in your special form.

Accessing objects with a page or form where the user does not
have the permission for, should by default run into an Unauthorized
error. If, like in your case, this should not happen, just implement
what you need.

I don't think that the form should ignore the default permission
concept and show a form without content or partial content by
default. The reason for this is that a user does not get forced to 
login if he has not the permission for e.g. Foo.B. Let's say
probably an Unathorized User could access Foo.A but not Foo.B.
After login the unauthorized User will become UserA and he whould
have access to Foo.A and Foo.B. If you use your special partial
rendering form, the Unauthorized User whould not get forced to 
login by an Unauthorized error. This is the reason why I belive
that the form should not render partial content if the user has
no permission. This should allways be a special form implementation
which reflects your security concept.

Regards
Roger Ineichen
_____________________________
END OF MESSAGE

> Best Regards,
> Andre
> 
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> https://mail.zope.org/mailman/listinfo/zope3-users
> 



More information about the Zope3-users mailing list