subject:"\[Zope\-dev\] Re\: \[Zope\] Re\: Not authorized to access binding"

[Zope-dev] Re: [Zope] Re: Not authorized to access binding

2006-05-25 Thread Tres Seaver

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Antonio Beamud Montero wrote:
> El jue, 25-05-2006 a las 12:49 -0400, Tres Seaver escribió:
> 
> If this template needs to be renderable by anonymous users even for
> contexts to which they do not have access, then you can give the
> template a proxy role which *does* have access.  Use with caution, and
> double check that the template won't expose any data which *should* be
> protected.
> 
> 
>> How I can do it in the Product code? I cannot find in the API...

It depends on how your template is created:

  - If it is a CMF FilesystemPageTemplate, then you can set the
proxy role in the associated '.metadata' file.  See the
example in CMFCore's tests[1].

  - If it is a PageTemplateFile, created as an attribute of a
Product class, then set the attribute '_proxy_roles' on the
instance.


[1]
http://svn.zope.org/CMF/branches/1.5/CMFCore/tests/fake_skins/fake_skin/test_dtml.dtml.metadata?rev=40122


Tres.
- --
===
Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
Palladion Software   "Excellence by Design"http://palladion.com
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFEdhZj+gerLs4ltQ4RAiAQAKCtSW7iNfoO2WO0Y0K7+oPDWLKOHQCeKvzH
EEIAifSlPSE+uiF6wTiZHrI=
=KXNK
-END PGP SIGNATURE-
___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: [Zope] Re: Not authorized to access binding

2006-05-25 Thread Antonio Beamud Montero

El jue, 25-05-2006 a las 12:49 -0400, Tres Seaver escribió:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> Your template uses 'here', which is and alias for the 'context' binding,
> i.e. the object through which the template was acquired.  That object
> has permission settings which prevent anonymous access *to the object*,
> which makes its use in a path expression impossible, even though the
> 'absolute_url' method of that object *would* be accessible by anonymous.
> 
> If this template needs to be renderable by anonymous users even for
> contexts to which they do not have access, then you can give the
> template a proxy role which *does* have access.  Use with caution, and
> double check that the template won't expose any data which *should* be
> protected.

How I can do it in the Product code? I cannot find in the API...

A lot of thanks

> 
> Tres.
> - --
> ===
> Tres Seaver  +1 202-558-7113  [EMAIL PROTECTED]
> Palladion Software   "Excellence by Design"http://palladion.com
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v1.4.1 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
> 
> iD8DBQFEdeA0+gerLs4ltQ4RAh8NAJ4x4u6UZ1L56x60f6gaXUzV/yX6igCcCEFV
> 2ug9atblCMjSgqPiYtU6nOI=
> =2Cnb
> -END PGP SIGNATURE-
> 
> ___
> Zope maillist  -  Zope@zope.org
> http://mail.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://mail.zope.org/mailman/listinfo/zope-announce
>  http://mail.zope.org/mailman/listinfo/zope-dev )

___
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

[Zope-dev] Re: [Zope] Re: Not authorized to access binding

[Zope-dev] Re: [Zope] Re: Not authorized to access binding

2 matches

Site Navigation

Mail list logo

Footer information