[ZPT] Fw: Why can't ZPT's have Proxy Roles?!

Dylan Jay djay@avaya.com
Wed, 4 Dec 2002 01:42:55 +1100


----- Original Message -----
From: "Dylan Jay" <djay@avaya.com>
To: "Chris Withers" <chrisw@nipltd.com>
Sent: Wednesday, December 04, 2002 1:14 AM
Subject: Re: Why can't ZPT's have Proxy Roles?!


> ----- Original Message -----
> From: "Chris Withers" <chrisw@nipltd.com>
> To: "Jay, Dylan" <djay@avaya.com>
> Cc: <zpt@zope.org>
> Sent: Tuesday, December 03, 2002 8:39 PM
> Subject: Why can't ZPT's have Proxy Roles?!
>
>
> > Jay, Dylan wrote:
> > >
> > > Now from looking at the code absolute_url is a public method so
> shouldn't
> > > call be allowable without having to make register.html viewable to
> > > anonymous?
> >
> > Install the VerboseSecurity product and see fi it helps at all... The
user
> may
>
> I have it installed but it doesn't work with cookiecrumbler. Anyone worked
> out how to get error values on using cookiecrumbler?
>
> > need the 'Access Contents Information' permission on register.html, so
> they can
>
> nah, looking at the code the problem seems to be that all ZPT objects are
> protected by the view permission. That means anything that wants to get
any
> kind of access to an object needs view permission and traversal obviously
> needs access. Seems folder objects aren't set up that way. I'm not sure
> about the complete ramifications but it seems crazy that the object itself
> is protected when methods such as "absolute_url" are public. Theres no way
> to get at those public methods without giving the user permission to view
it
> (something I really don't want to do).
>
> > actually traverse to the absolute_url method before calling it.
> >
> > > Without ZPT proxy roles would be the answer but that isn't offer
> > > with ZPT :(
> >
> > Yeah, why aren't Proxy Roles available? I think having Proxy roles on
> ZPT's
> > would solve a multitude of similar irritations...
>
> I can kind of see where the idea orgininated from, that giving a ZPT god
> access will encourage people to put more smarts into it and hense there
will
> be less seperation of presentation and logic. However, for example, what
> about things like macros? I don't want to let people view
> standard_template.pt or other templates, yet I have to in order for any
> template that uses that macro to be viewable. That is nasty, at at the
> moment I can't see a way around this without proxies.
>
> > cheers,
> >
> > Chris
> >
>