Also, i have a PAU registered. Still it seems like the PAU is not being
contacted for authenticating REST requests. I can Authenticate the
principals in principal.zcml only.
rgds,
Jayarajan J N (IRC nick - jayaraj)
On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> Recently i was looking for some zope3 based solutions for implementing
> RESTful public API. And i found z3c.rest. To begin with package I have
> installed it and enabled the the RESTviews for 'Folder' that is provided in
> the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the
> Permission setting for GET view from 'zope.View' to 'zope.ManageContent'
> and i expected this would make the GET view of the Folder to be unavailable
> to the Public. But it was still possible for me to call the GET view with an
> 'unauthorised' request.
>
> Similarly, i changed the permission for POST/PUT from 'zope.ManageContent'
> to 'zope.Public' and still I had to get authenticated to access it.
>
> Can any one please tell me how can i use local grants with z3c.rest? I
> expected it to work the same way as other zope:views do. Please help me on
> this.
>
> I have installed the package available in the svn trunk. Zope3 setup is
> zope3.4.0c1 + python 2.5
> I have tested the GET view using both web browser and a python script.
>
> Following is the original configurations from z3c/rest/tests/folder.zcml
>
>
> for="zope.app.folder.interfaces.IFolder"
> name="GET"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.View"
> allowed_attributes="GET"
> />
>
> for="zope.app.folder.interfaces.IFolder"
> name="POST"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="POST"
> />
>
> for="zope.app.folder.interfaces.IFolder"
> name="PUT"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="PUT"
> />
> ##
>
> This is how i changed it
>
> --
> for="zope.app.folder.interfaces.IFolder"
> name="GET"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="GET"
> />
>
> for="zope.app.folder.interfaces.IFolder"
> name="POST"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.Public"
> allowed_attributes="POST"
> />
>
> for="zope.app.folder.interfaces.IFolder"
> name="PUT"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.Public"
> allowed_attributes="PUT"
> />
>
>
> Thanks in advance.
>
> rgds,
> Jayarajan J N (IRC nick - jayaraj)
>
>
___
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
