[Zope] security for ZPT-based Product
How can I manage permissions for imported ZPT files? Relevant lines from my Product: from AccessControl import ClassSecurityInfo class MyClass(): security=ClassSecurityInfo() comment_add_form=PageTemplateFile('zpt/comment_add_form',globals()) My goal is to limit access to comment_add_form to the Authenticated role only. comment_add_form is on the filesystem, in my Product's zpt directory. How can I achieve this? I understand zilch about ClassSecurityInfo... (My Product is based on JMBoring template) -- Milos Prudek http://www.spoxdesign.com - your web usability testing ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] security for ZPT-based Product
On 11.Jul 2005 - 18:27:57, Milos Prudek wrote: How can I manage permissions for imported ZPT files? Relevant lines from my Product: from AccessControl import ClassSecurityInfo class MyClass(): security=ClassSecurityInfo() comment_add_form=PageTemplateFile('zpt/comment_add_form',globals()) My goal is to limit access to comment_add_form to the Authenticated role only. comment_add_form is on the filesystem, in my Product's zpt directory. add a security.declareProtected('comment_add_form', 'right that is granted to Authenticated users only') Where the second string would be one of the rights listed on the security tab with in the ZMI. If that right is granted to the authenticated user only, you have your access restrictions. Andreas -- Don't hate yourself in the morning -- sleep till noon. ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] security for ZPT-based Product
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote: add a security.declareProtected('comment_add_form', 'right that is granted to Authenticated users only') Where the second string would be one of the rights listed on the security tab with in the ZMI. If that right is granted to the authenticated user only, you have your access restrictions. It's the other way around. Permission first, then the method name. jens ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )