[Zope] security for ZPT-based Product
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo
class MyClass():
security=ClassSecurityInfo()
comment_add_form=PageTemplateFile('zpt/comment_add_form',globals())
My goal is to limit access to comment_add_form to the Authenticated role
only. comment_add_form is on the filesystem, in my Product's zpt directory.
How can I achieve this? I understand zilch about ClassSecurityInfo...
(My Product is based on JMBoring template)
--
Milos Prudek
http://www.spoxdesign.com - your web usability testing
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] security for ZPT-based Product
On 11.Jul 2005 - 18:27:57, Milos Prudek wrote:
How can I manage permissions for imported ZPT files?
Relevant lines from my Product:
from AccessControl import ClassSecurityInfo
class MyClass():
security=ClassSecurityInfo()
comment_add_form=PageTemplateFile('zpt/comment_add_form',globals())
My goal is to limit access to comment_add_form to the Authenticated role
only.
comment_add_form is on the filesystem, in my Product's zpt directory.
add a security.declareProtected('comment_add_form', 'right that is
granted to Authenticated users only')
Where the second string would be one of the rights listed on the
security tab with in the ZMI. If that right is granted to the
authenticated user only, you have your access restrictions.
Andreas
--
Don't hate yourself in the morning -- sleep till noon.
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] security for ZPT-based Product
On 11 Jul 2005, at 17:41, Andreas Pakulat wrote:
add a security.declareProtected('comment_add_form', 'right that is
granted to Authenticated users only')
Where the second string would be one of the rights listed on the
security tab with in the ZMI. If that right is granted to the
authenticated user only, you have your access restrictions.
It's the other way around. Permission first, then the method name.
jens
___
Zope maillist - Zope@zope.org
http://mail.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope-dev )
