[Zope3-Users] browser:containerViews
Hi!
The differentiation of the 'contents' and 'add' attributes of
browser:containerViews seems weird.
To actually 'add' content the permission which is set for 'contents'
nescessarily has to be granted to the principal. To put more formal: not
permission('contents') = not permission('add')
All Principals excluded from 'contents' are excluded from 'add'.
A consequence of this is: Each principal, that you want to grant the
permission to add, gets the Cut/Insert/Delete-menu and is able to delete
content, because this menu is controled by the 'contents' attribute.
So it is impossible to distinguish members (which can add) and editors
(which can cut and delete).
To include a principal to 'add' you nescessarily have to include him to
'contents' and its cut/delete-menu.
An Example:
containerViews
for=paradigm.categorydb.interfaces.ICategory
index=zope.View
contents=paradigm.EditCategory
add=paradigm.AddCategory
/
paradigm.AddCategory is granted to members, members can add content.
paradigm.EditCategory is granted to Editors, only a few editors can
delete etc. contents.
With this setting a member with granted paradigm.AddCategory can *not*
add content, but is prompted to the login form.
To let a menber add content I have to change the registration to:
containerViews
for=paradigm.categorydb.interfaces.ICategory
index=zope.View
contents=paradigm.AddCategory
add=paradigm.AddCategory
/
But then the member can has the right to delete etc.
But maybe only my application is weird. I don't want all folks be able
to delitte, i want them to add! ;) I want stable content with lots of
relations...
Regards,
Christian
___
Zope3-users mailing list
Zope3-users@zope.org
http://mail.zope.org/mailman/listinfo/zope3-users
Re: [Zope3-Users] browser:containerViews
Hm, I think I have to put it even more excat:
A user excluded from 'contents' but included in 'add' can call an
IAdding view for the Interface in question. Even though the addMenuItems
are gone, the user can query the page by hand in the browser address
field. When he presses the add-button he is redirected to the login
form. But the object *is* created.
The whole problem disappears when I set the permssion on 'contents' more
loose ( =paradigm.AddCategory instead of EditCategory; AddCategory
granted to the user).
I think the issue is the redirection after object creation. The
createAndAdd() method is being done but when it comes to nextURL() or
so, something obscure happens...
I use 3.2.0b2
Here's the whole configure.zcml:
(ICategoryDB is a container for ICategory, ICategory is one for IPredicate.)
configure
xmlns='http://namespaces.zope.org/browser'
xmlns:zope='http://namespaces.zope.org/zope'
!-- ICategoryDB --
addform
schema=paradigm.categorydb.interfaces.ICategoryDB
content_factory=paradigm.categorydb.categorydb.CategoryDB
name=AddCategoryDB.html
label=Add a CategoryDB.
permission=zope.ManageContent
/
addMenuItem
class=paradigm.categorydb.categorydb.CategoryDB
title=CategoryDB
description=Add a CategoryDB.
view=AddCategoryDB.html
permission=zope.ManageContent
/
editform
schema=paradigm.categorydb.interfaces.ICategoryDB
name=Edit.html
label=Change CategoryDB.
menu=zmi_views title=Edit
permission=zope.ManageContent
/
containerViews
for=paradigm.categorydb.interfaces.ICategoryDB
index=zope.View
contents=paradigm.EditCategory*==*
add=paradigm.AddCategory
/
!-- ICategory --
addform
schema=paradigm.categorydb.interfaces.ICategory
content_factory=paradigm.categorydb.category.Category
name=AddCategory.html
label=Add a Category.
permission=paradigm.AddCategory
set_before_add=name
/
addMenuItem
class=paradigm.categorydb.category.Category
title=Category
description=Add a Category.
view=AddCategory.html
permission=paradigm.AddCategory
/
editform
schema=paradigm.categorydb.interfaces.ICategory
name=Edit.html
label=Change Category.
menu=zmi_views title=Edit
permission=paradigm.EditCategory
/
containerViews
for=paradigm.categorydb.interfaces.ICategory
index=zope.View
contents=paradigm.EditCategory
add=paradigm.AddCategory
/
page
for=paradigm.categorydb.interfaces.ICategory
name=details.html
class=.category.CategoryDetailsView
menu=zmi_views title=Details
permission=zope.View
/
defaultView
for=paradigm.categorydb.interfaces.ICategory
name=details.html
/
!-- IPredicate --
addform
schema=paradigm.categorydb.interfaces.IPredicate
content_factory=paradigm.categorydb.predicate.Predicate
name=AddPredicate.html
label=Add a Predicate.
permission=paradigm.AddCategory
set_before_add=name
/
addMenuItem
class=paradigm.categorydb.predicate.Predicate
title=Predicate
description=Add a Predicate.
view=AddPredicate.html
permission=paradigm.AddCategory
/
editform
schema=paradigm.categorydb.interfaces.IPredicate
name=Edit.html
label=Change Predicate.
menu=zmi_views title=Edit
permission=paradigm.EditCategory
/
!--containerViews
for=paradigm.categorydb.interfaces.IPredicate
index=zope.View
contents=paradigm.EditCategory*==*
add=paradigm.AddCategory
/--
!-- skin dependend menu items --
menuItems
for=paradigm.categorydb.interfaces.ICategory
menu=category
layer=paradigm
menuItem
action=details.html
title=Details
/
menuItem
action=+
title=Add Content
/
/menuItems
menuItems
for=paradigm.categorydb.interfaces.ICategoryDB
menu=category
layer=paradigm
menuItem
action=+
title=Add Content
/
/menuItems
/configure
(top of obscure: The addMenuItems in rotterdam are gone but the 'Add
Content' items in my own skin are there.)
Regards,
Christian
Christian Lück wrote:
Hi!
The differentiation of the 'contents' and 'add' attributes of
browser:containerViews seems weird.
To actually 'add' content the permission which is set for 'contents'
nescessarily has to be granted to the principal. To put more formal: not
permission('contents') = not permission('add')
All Principals excluded from 'contents' are excluded from 'add'.
A consequence of this is: Each principal, that you want to grant the
permission to add, gets the Cut/Insert/Delete-menu and is able to delete
content, because this menu is controled by the 'contents' attribute.
So it is impossible
