Re: [Zope-CMF] Controlling permissions for actions
On 27.09.2007 at 21:26, Dieter Maurer wrote:

> You can, of course, restrict its "View" permission -- via its
> "Security" tab, if it is in the ZODB, or with a "*.metadata" file
> for an "FSObject".

I'm used to restrictions in the ZODB: I usually put these kinds of things in a folder which I then restrict. Can you tell me more about metadata?

Charlie
--
Charlie Clark
Helmholtzstr. 20
Düsseldorf D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226

___
Zope-CMF maillist - Zope-CMF@lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf
See http://collector.zope.org/CMF for bug reports and feature requests
Re: [Zope-CMF] Controlling permissions for actions
Jens Vagelpohl wrote at 2007-9-27 12:40 +0200:
> ...
>If you have a script somewhere in the skins or in your site it will
>*always* be available for people who call it up directly by URL.

You can, of course, restrict its "View" permission -- via its "Security" tab, if it is in the ZODB, or with a "*.metadata" file for an "FSObject".

--
Dieter
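
The `*.metadata` restriction mentioned in this message, as an added example that is not part of the original thread or CMF's own code: a small audit that reads each skin script's `.metadata` file and reports whether "View" is actually restricted. It assumes CMF's filesystem convention of a `<script>.py.metadata` file with a `[security]` section whose entries read `Permission = acquire:Role[,Role]`; the function names and all sample files except the name `manage_wombats` are constructed for illustration.

```python
import configparser
import os
import tempfile

# Assumed format (CMF filesystem skins): <script>.py.metadata containing
#   [security]
#   View = 0:Manager      -> acquire flag (0|1), then comma-separated roles
def view_setting(metadata_path):
    """Return (acquire, roles) for "View", or None if not declared."""
    cfg = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    cfg.optionxform = str  # keep permission names case-sensitive
    cfg.read(metadata_path)
    if not cfg.has_option("security", "View"):
        return None
    acquire, _, roles = cfg.get("security", "View").partition(":")
    return int(acquire), [r.strip() for r in roles.split(",") if r.strip()]

def audit_skin_dir(skin_dir, broad_roles=("Anonymous", "Authenticated")):
    """Hypothetical helper: map each *.py skin script to a finding."""
    findings = {}
    for name in sorted(os.listdir(skin_dir)):
        if not name.endswith(".py"):
            continue
        meta = os.path.join(skin_dir, name + ".metadata")
        setting = view_setting(meta) if os.path.exists(meta) else None
        if setting is None:
            findings[name] = "no View setting"
        elif setting[0] == 1:
            findings[name] = "View still acquired from parent"
        elif set(setting[1]) & set(broad_roles):
            findings[name] = "View granted to a broad role"
        else:
            findings[name] = "restricted to " + ",".join(setting[1])
    return findings

def demo():
    """Audit a constructed skin layer written to a temporary directory."""
    files = {  # constructed sample files
        "manage_wombats.py": "return 'admin'\n",
        "manage_wombats.py.metadata": "[security]\nView = 0:Manager\n",
        "list_wombats.py": "return 'public'\n",
        "edit_wombat.py": "return 'edit'\n",
        "edit_wombat.py.metadata": "[security]\nView = 1:Manager\n",
    }
    with tempfile.TemporaryDirectory() as d:
        for name, text in files.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return audit_skin_dir(d)
```

With the acquire flag set to 1 the listed roles are added to whatever the parent already grants, so only a `0:` entry narrows access.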
[Zope-CMF] CMF Tests: 11 OK
Summary of messages to the cmf-tests list.
Period Wed Sep 26 12:00:00 2007 UTC to Thu Sep 27 12:00:00 2007 UTC.
There were 11 messages: 11 from CMF Unit Tests.

Tests passed OK
---

Subject: OK : CMF-1.5 Zope-2.7 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:25:19 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006436.html

Subject: OK : CMF-1.5 Zope-2.8 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:26:49 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006437.html

Subject: OK : CMF-1.5 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:28:20 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006438.html

Subject: OK : CMF-1.6 Zope-2.8 Python-2.3.6 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:29:50 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006439.html

Subject: OK : CMF-1.6 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:31:20 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006440.html

Subject: OK : CMF-2.0 Zope-2.9 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:32:51 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006441.html

Subject: OK : CMF-2.0 Zope-2.10 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:34:21 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006442.html

Subject: OK : CMF-2.1 Zope-2.10 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:35:51 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006443.html

Subject: OK : CMF-2.1 Zope-trunk Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:37:21 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006444.html

Subject: OK : CMF-trunk Zope-2.10 Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:38:51 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006445.html

Subject: OK : CMF-trunk Zope-trunk Python-2.4.4 : Linux
From: CMF Unit Tests
Date: Wed Sep 26 21:40:21 EDT 2007
URL: http://mail.zope.org/pipermail/cmf-tests/2007-September/006446.html
Re: [Zope-CMF] Controlling permissions for actions
On 27.09.2007 at 13:09, Wichert Akkerman wrote:

> You can use a browser view instead of a python script and protect
> that with a permission.

That's good to hear! This is probably going to be my last "skins"-based project and I will try and move it to a browser view approach. It's been my first real attempt to implement application logic in the CMF and has been an interesting experience coming from a more classical TTW Zope approach.

Charlie
Re: [Zope-CMF] Controlling permissions for actions
Previously Charlie Clark wrote:
>
> On 27.09.2007 at 12:40, Jens Vagelpohl wrote:
>
> >If you have a script somewhere in the skins or in your site it will
> >*always* be available for people who call it up directly by URL.
> >There is no builtin mechanism in Zope or the CMF to control that.
> >You could do some "manual" checking inside the script to make sure
> >the calling user has the right permissions or the script is not
> >called by direct URL traversal.
>
> Thanks, I thought as much. It's not difficult to check the user for
> the correct role and return an index page otherwise but I guess I
> need to start explicitly attaching such scripts to objects and their
> methods but I'm still on that learning curve, which is probably not
> helped by the fact I nearly always store data in an RDBMS and I don't
> use O/R mappers.

You can use a browser view instead of a python script and protect that with a permission.

Wichert.

--
Wichert Akkerman <[EMAIL PROTECTED]>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.
Re: [Zope-CMF] Controlling permissions for actions
On 27.09.2007 at 12:40, Jens Vagelpohl wrote:

> If you have a script somewhere in the skins or in your site it will
> *always* be available for people who call it up directly by URL.
> There is no builtin mechanism in Zope or the CMF to control that.
> You could do some "manual" checking inside the script to make sure
> the calling user has the right permissions or the script is not
> called by direct URL traversal.

Thanks, I thought as much. It's not difficult to check the user for the correct role and return an index page otherwise but I guess I need to start explicitly attaching such scripts to objects and their methods but I'm still on that learning curve, which is probably not helped by the fact I nearly always store data in an RDBMS and I don't use O/R mappers.

Charlie
Re: [Zope-CMF] Controlling permissions for actions
On 27 Sep 2007, at 12:19, Charlie Clark wrote:

> Hi,
>
> how do I control access to a PythonScript that should only be
> available as an action? I've set up the action for the site and given
> it a permission but this seems only to affect its visibility for
> users.
>
> i.e. I have a script manage_wombats and configured an action for it
> with the Permission "Manage portal". It is listed as an action only
> for managers but is globally available as a URL.

If you have a script somewhere in the skins or in your site it will *always* be available for people who call it up directly by URL. There is no builtin mechanism in Zope or the CMF to control that. You could do some "manual" checking inside the script to make sure the calling user has the right permissions or the script is not called by direct URL traversal.

jens
[Zope-CMF] Controlling permissions for actions
Hi,

how do I control access to a PythonScript that should only be available as an action? I've set up the action for the site and given it a permission but this seems only to affect its visibility for users.

i.e. I have a script manage_wombats and configured an action for it with the Permission "Manage portal". It is listed as an action only for managers but is globally available as a URL.

Charlie
[Zope-CMF] CMF Collector: Open Issues
The following supporters have open issues assigned to them in this collector (http://www.zope.org/Collectors/CMF).

Assigned and Open

  tseaver
    - "CMF needs View-based TypeInformation", [Accepted]
      http://www.zope.org/Collectors/CMF/437
    - "CachingPolicyManager awareness of File and Image does not work", [Accepted]
      http://www.zope.org/Collectors/CMF/496

  yuppie
    - "purge_old in runAllImportSteps not working", [Accepted]
      http://www.zope.org/Collectors/CMF/455

Pending / Deferred Issues

    - "workflow notify success should be after reindex", [Deferred]
      http://www.zope.org/Collectors/CMF/389
    - "Discussions broken", [Pending]
      http://www.zope.org/Collectors/CMF/493
    - "components handler: export of placeless utilities is broken", [Pending]
      http://www.zope.org/Collectors/CMF/498
    - "CatalogTool._listAllowedRolesAndUsers() returns wrong result ", [Pending]
      http://www.zope.org/Collectors/CMF/502
    - "Spinning browser when running a snapshot", [Pending]
      http://www.zope.org/Collectors/CMF/503
    - "GenericSetup import onto existing skins fails when adding new layers relative to old ones", [Pending]
      http://www.zope.org/Collectors/CMF/505

Pending / Deferred Features

    - "CMFTopic Does Not Cache", [Deferred]
      http://www.zope.org/Collectors/CMF/295
    - "iCal support for CMFCalendar", [Pending]
      http://www.zope.org/Collectors/CMF/487
    - "components handler: support for sub-sites", [Pending]
      http://www.zope.org/Collectors/CMF/500
    - "components handler: support removing items", [Pending]
      http://www.zope.org/Collectors/CMF/501
    - "components handler: make 'interface' attribute optional", [Pending]
      http://www.zope.org/Collectors/CMF/499