Re: Re: [Zope] allow access to fileobject depending on role
Jonathan wrote: > Try something like: fileObj = context.restrictedTraverse('/folderA/folderB/printsbestand.pdf') fileData = context.printsbestand() fileObj.update_data(fileData, content_type='application/pdf', size=len(fileData) ) Warning: untested! Look in the ZopeBook for more info. hth Jonathan Yes! After getting an Unauthorized exception in Zope because I used a Python script and the method updata_data has permission Python only, I switched to an External Method. The new file is beeing uploaded, or updated if it already exists, and the assigned security roles are kept intact. This is how the external method turned out: def uploadPdf(self): fileDir = '/bla/bla/' fileName = 'file.pdf' path_list = self.getPhysicalPath() path = "/".join(path_list) + "/" + fileName f = open(fileDir + fileName) fileBody = f.read() f.close try: self.manage_addFile(fileName, fileBody, content_type='application/pdf') except: fileObj = self.restrictedTraverse(path) fileObj.update_data(fileBody, content_type='application/pdf', size=len(fileBody)) Greetings, Leandros ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: Re: [Zope] allow access to fileobject depending on role
- Original Message - From: "leandros van den berg" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: Sent: Thursday, June 01, 2006 4:49 AM Subject: Re: Re: [Zope] allow access to fileobject depending on role > Chris Withers wrote: I'm having trouble with the precondition field of a fileobject. I've got a fileobject (a PDF-file) and its precondition field states myPrecondition, which is a DTML Method and its code is: This is insane... Why is this insane? Because of using a precondition, the code of the method or the hole idea? Note: Using the security setting and assigning roles is not an option because the fileobject is recreated every night. Rubbish. Two options: - don't recreate the file each night, just edit its contents. I'm thinking of manage_upload or update_data to edit the file content, but I can't figure out how to apply them. Hell, I can't even figure out how to select the file that is to be updated! I use the following two objects for replacing the existing file. 1. External Method 'printbestand' def printbestand(): filename='/home/leandros/myzope/instance/Extensions/printbestand.pdf' f=open(filename) filebody=f.read() f.close return filebody if __name__ == "__main__": print printbestand() 2. Script (Python) 'printbestand_upload': try: context.manage_delObjects(ids='printbestand.pdf') except: pass fileobject = context.printbestand() context.manage_addFile('printbestand.pdf',file=fileobject, content_type='application/pdf') return 0 As you can see in 'printbestand_upload', the file is deleted first and then the new file is added. Obviously the existing file should not be deleted but its content updatad/edited/replaced. My question are: Q1: How do I select the file that is to be updated? Q2: How do I update the content of that file with the content of the new file? Try something like: fileObj = context.restrictedTraverse('/folderA/folderB/printsbestand.pdf') fileData = context.printsbestand() fileObj.update_data(fileData, content_type='application/pdf', size=len(fileData) ) Warning: untested! Look in the ZopeBook for more info. hth Jonathan ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: Re: [Zope] allow access to fileobject depending on role
> Chris Withers wrote: I'm having trouble with the precondition field of a fileobject. I've got a fileobject (a PDF-file) and its precondition field states myPrecondition, which is a DTML Method and its code is: This is insane... Why is this insane? Because of using a precondition, the code of the method or the hole idea? Note: Using the security setting and assigning roles is not an option because the fileobject is recreated every night. Rubbish. Two options: - don't recreate the file each night, just edit its contents. I'm thinking of manage_upload or update_data to edit the file content, but I can't figure out how to apply them. Hell, I can't even figure out how to select the file that is to be updated! I use the following two objects for replacing the existing file. 1. External Method 'printbestand' def printbestand(): filename='/home/leandros/myzope/instance/Extensions/printbestand.pdf' f=open(filename) filebody=f.read() f.close return filebody if __name__ == "__main__": print printbestand() 2. Script (Python) 'printbestand_upload': try: context.manage_delObjects(ids='printbestand.pdf') except: pass fileobject = context.printbestand() context.manage_addFile('printbestand.pdf',file=fileobject, content_type='application/pdf') return 0 As you can see in 'printbestand_upload', the file is deleted first and then the new file is added. Obviously the existing file should not be deleted but its content updatad/edited/replaced. My question are: Q1: How do I select the file that is to be updated? Q2: How do I update the content of that file with the content of the new file? - when you recreate the file, set the role to permission mapping in the same lump of code. OK, how do I do that? cheers, Chris Kind regards, Leandros ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] allow access to fileobject depending on role
leandros van den berg wrote at 2006-5-24 14:56 +0200: > ... >Situation II: >- User with Bobo-role logs in and opens the PDF-file by entering its URL >in the browser and the file is being displayed. >- Close browser. >- User without Bobo-role logs in and opens the PDF-file by entering its >URL in the browser and the file is being displayed. This is standard caching behaviour. HTTP 1.1 specified the "vary" header to prevent this caching effect. Depending on how you login, you would set "vary" either to "Authorization" (HTTP authentication) or "Cookie" (cookie authentication). -- Dieter ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
Re: [Zope] allow access to fileobject depending on role
leandros van den berg wrote: I'm having trouble with the precondition field of a fileobject. I've got a fileobject (a PDF-file) and its precondition field states myPrecondition, which is a DTML Method and its code is: This is insane... Situation II: - User with Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed. - Close browser. - User without Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed. Not so good. The user without Bobo-role in situation II should get a login screen. Apparently because the file is in the browser cache, the user is authenticated. No. The file is in the browser cache, so the cached version is returned to the user. This has nothing to do with authentication. You need to look at ways (ie: response headers, etc) to tell the browser not to cache this file, if that's what you really want... Note: Using the security setting and assigning roles is not an option because the fileobject is recreated every night. Rubbish. Two options: - don't recreate the file each night, just edit its contents. - when you recreate the file, set the role to permission mapping in the same lump of code. cheers, Chris -- Simplistix - Content Management, Zope & Python Consulting - http://www.simplistix.co.uk ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )
[Zope] allow access to fileobject depending on role
Hello, I'm having trouble with the precondition field of a fileobject. I've got a fileobject (a PDF-file) and its precondition field states myPrecondition, which is a DTML Method and its code is: (source: http://www.zopelabs.com/cookbook/1016369692) The PDF-file should only be displayed when an user has role Bobo. If the user doesn't have the role, an user authentication screen (login screen) is displayed. The Method only works when the browser cache is empty or the file hasn't been openend yet by an user with Bobo-role. I'll explain the situations, both are on localhost. Situation I: - Browser cache is empty. - User without Bobo-role logs in and opens the PDF-file by entering its URL in the browser and gets the login screen. So far so good. Situation II: - User with Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed. - Close browser. - User without Bobo-role logs in and opens the PDF-file by entering its URL in the browser and the file is being displayed. Not so good. The user without Bobo-role in situation II should get a login screen. Apparently because the file is in the browser cache, the user is authenticated. Does anybody know a solution to this problem or some other solution for allowing access to a fileobject depending on the role an user has? Note: Using the security setting and assigning roles is not an option because the fileobject is recreated every night. Kind regards, Leandros -- The Netherlands ___ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )