[Zope3-Users] browser:containerViews
Hi! The differentiation of the 'contents' and 'add' attributes of browser:containerViews seems weird. To actually 'add' content the permission which is set for 'contents' nescessarily has to be granted to the principal. To put more formal: not permission('contents') = not permission('add') All Principals excluded from 'contents' are excluded from 'add'. A consequence of this is: Each principal, that you want to grant the permission to add, gets the Cut/Insert/Delete-menu and is able to delete content, because this menu is controled by the 'contents' attribute. So it is impossible to distinguish members (which can add) and editors (which can cut and delete). To include a principal to 'add' you nescessarily have to include him to 'contents' and its cut/delete-menu. An Example: containerViews for=paradigm.categorydb.interfaces.ICategory index=zope.View contents=paradigm.EditCategory add=paradigm.AddCategory / paradigm.AddCategory is granted to members, members can add content. paradigm.EditCategory is granted to Editors, only a few editors can delete etc. contents. With this setting a member with granted paradigm.AddCategory can *not* add content, but is prompted to the login form. To let a menber add content I have to change the registration to: containerViews for=paradigm.categorydb.interfaces.ICategory index=zope.View contents=paradigm.AddCategory add=paradigm.AddCategory / But then the member can has the right to delete etc. But maybe only my application is weird. I don't want all folks be able to delitte, i want them to add! ;) I want stable content with lots of relations... Regards, Christian ___ Zope3-users mailing list Zope3-users@zope.org http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] browser:containerViews
Hm, I think I have to put it even more excat: A user excluded from 'contents' but included in 'add' can call an IAdding view for the Interface in question. Even though the addMenuItems are gone, the user can query the page by hand in the browser address field. When he presses the add-button he is redirected to the login form. But the object *is* created. The whole problem disappears when I set the permssion on 'contents' more loose ( =paradigm.AddCategory instead of EditCategory; AddCategory granted to the user). I think the issue is the redirection after object creation. The createAndAdd() method is being done but when it comes to nextURL() or so, something obscure happens... I use 3.2.0b2 Here's the whole configure.zcml: (ICategoryDB is a container for ICategory, ICategory is one for IPredicate.) configure xmlns='http://namespaces.zope.org/browser' xmlns:zope='http://namespaces.zope.org/zope' !-- ICategoryDB -- addform schema=paradigm.categorydb.interfaces.ICategoryDB content_factory=paradigm.categorydb.categorydb.CategoryDB name=AddCategoryDB.html label=Add a CategoryDB. permission=zope.ManageContent / addMenuItem class=paradigm.categorydb.categorydb.CategoryDB title=CategoryDB description=Add a CategoryDB. view=AddCategoryDB.html permission=zope.ManageContent / editform schema=paradigm.categorydb.interfaces.ICategoryDB name=Edit.html label=Change CategoryDB. menu=zmi_views title=Edit permission=zope.ManageContent / containerViews for=paradigm.categorydb.interfaces.ICategoryDB index=zope.View contents=paradigm.EditCategory*==* add=paradigm.AddCategory / !-- ICategory -- addform schema=paradigm.categorydb.interfaces.ICategory content_factory=paradigm.categorydb.category.Category name=AddCategory.html label=Add a Category. permission=paradigm.AddCategory set_before_add=name / addMenuItem class=paradigm.categorydb.category.Category title=Category description=Add a Category. view=AddCategory.html permission=paradigm.AddCategory / editform schema=paradigm.categorydb.interfaces.ICategory name=Edit.html label=Change Category. menu=zmi_views title=Edit permission=paradigm.EditCategory / containerViews for=paradigm.categorydb.interfaces.ICategory index=zope.View contents=paradigm.EditCategory add=paradigm.AddCategory / page for=paradigm.categorydb.interfaces.ICategory name=details.html class=.category.CategoryDetailsView menu=zmi_views title=Details permission=zope.View / defaultView for=paradigm.categorydb.interfaces.ICategory name=details.html / !-- IPredicate -- addform schema=paradigm.categorydb.interfaces.IPredicate content_factory=paradigm.categorydb.predicate.Predicate name=AddPredicate.html label=Add a Predicate. permission=paradigm.AddCategory set_before_add=name / addMenuItem class=paradigm.categorydb.predicate.Predicate title=Predicate description=Add a Predicate. view=AddPredicate.html permission=paradigm.AddCategory / editform schema=paradigm.categorydb.interfaces.IPredicate name=Edit.html label=Change Predicate. menu=zmi_views title=Edit permission=paradigm.EditCategory / !--containerViews for=paradigm.categorydb.interfaces.IPredicate index=zope.View contents=paradigm.EditCategory*==* add=paradigm.AddCategory /-- !-- skin dependend menu items -- menuItems for=paradigm.categorydb.interfaces.ICategory menu=category layer=paradigm menuItem action=details.html title=Details / menuItem action=+ title=Add Content / /menuItems menuItems for=paradigm.categorydb.interfaces.ICategoryDB menu=category layer=paradigm menuItem action=+ title=Add Content / /menuItems /configure (top of obscure: The addMenuItems in rotterdam are gone but the 'Add Content' items in my own skin are there.) Regards, Christian Christian Lück wrote: Hi! The differentiation of the 'contents' and 'add' attributes of browser:containerViews seems weird. To actually 'add' content the permission which is set for 'contents' nescessarily has to be granted to the principal. To put more formal: not permission('contents') = not permission('add') All Principals excluded from 'contents' are excluded from 'add'. A consequence of this is: Each principal, that you want to grant the permission to add, gets the Cut/Insert/Delete-menu and is able to delete content, because this menu is controled by the 'contents' attribute. So it is impossible