[ZPT] PageTemplateFile s and product attributes

Clemens Robbenhaar zpt@zope.org
Wed, 11 Dec 2002 19:50:28 +0100


Hi Troy,

 what kind of error message do You get, actually ?

 > Greetings guys and gals.
 > I have a security related question.  It appears to be related to the 
 > question posed by Dylan at
 > http://lists.zope.org/pipermail/zpt/2002-December/004112.html
 > 
 > I have a python product.  It uses PageTemplateFiles.  It uses them for 
 > the management interface.  If I were smart, I would use the same method 
 > that everyone else does to build the tabs and banner, but I'm not, so 
 > I've written my own (actually, I just wanted them to validate - is that 
 > too much to ask?)  The problem comes when the PageTemplateFile tries to 
 > access my products 'icon' attribute, or any other attribute (should I 
 > say property?)  If I create the exact same PageTemplate in the ZODB, it 
 > works fine, but not coming from the filesystem.  If I use 
 > security.setDefaultAccess("allow"), it works.  Basically, my question is 
 > this:
 > 
 > How can a PageTemplate file be set in a product so that it can access 
 > the product's attributes without using security.setDefaultAccess("allow")?
 > 
 > Again: ZPT in ZODB works, PageTemplateFile does not work.
 > 

 I assume You want to visit these pages with a manager role anyway.

 Then You could give the file system page a protection requiring manager
role, like this:

    manage_tab = PageTemplateFile(
        'www/manage.zpt',
        globals(),  __name__='manage_tab')

    security.declareProtected('View management screens', 'manage_tab')

It then will pass down the manager role when accessing other attributes
in Your class. (With Zope2.5.1 due to catching away Unauthorized errors,
this did not work properly sometimes ... with Zope2.6.0 this is not an
issue any longer.)

However I am not sure it this helps -- guess I have not understand Your
problem all together.

Regards,
Clemens