Also, i have a PAU registered. Still it seems like the PAU is not being contacted for authenticating REST requests. I can Authenticate the principals in principal.zcml only.
rgds, Jayarajan J N (IRC nick - jayaraj) On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <[EMAIL PROTECTED]> wrote: > Hi all, > > Recently i was looking for some zope3 based solutions for implementing > RESTful public API. And i found z3c.rest. To begin with package I have > installed it and enabled the the RESTviews for 'Folder' that is provided in > the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the > Permission setting for GET view from 'zope.View' to 'zope.ManageContent' > and i expected this would make the GET view of the Folder to be unavailable > to the Public. But it was still possible for me to call the GET view with an > 'unauthorised' request. > > Similarly, i changed the permission for POST/PUT from 'zope.ManageContent' > to 'zope.Public' and still I had to get authenticated to access it. > > Can any one please tell me how can i use local grants with z3c.rest? I > expected it to work the same way as other zope:views do. Please help me on > this. > > I have installed the package available in the svn trunk. Zope3 setup is > zope3.4.0c1 + python 2.5 > I have tested the GET view using both web browser and a python script. > > Following is the original configurations from z3c/rest/tests/folder.zcml > > ######################## > <view > for="zope.app.folder.interfaces.IFolder" > name="GET" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.View" > allowed_attributes="GET" > /> > > <view > for="zope.app.folder.interfaces.IFolder" > name="POST" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.ManageContent" > allowed_attributes="POST" > /> > > <view > for="zope.app.folder.interfaces.IFolder" > name="PUT" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.ManageContent" > allowed_attributes="PUT" > /> > ########################## > > This is how i changed it > > ------------------------------------------------------------------ > <view > for="zope.app.folder.interfaces.IFolder" > name="GET" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.ManageContent" > allowed_attributes="GET" > /> > > <view > for="zope.app.folder.interfaces.IFolder" > name="POST" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.Public" > allowed_attributes="POST" > /> > > <view > for="zope.app.folder.interfaces.IFolder" > name="PUT" > type="..interfaces.IRESTRequest" > factory=".folder.FolderAPI" > permission="zope.Public" > allowed_attributes="PUT" > /> > -------------------------------------------------------------------- > > Thanks in advance. > > rgds, > Jayarajan J N (IRC nick - jayaraj) > >
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )