Cliff Ford wrote:
I begin to see the light: with an update method in a class supporting the view I was getting a forbidden attribute error. I am not sure how to deal with that so I have left the update method in the content class but put all code to do with the edit form in the view class. Not quite right because form fields are processed in the content class.

As you've mentioned it yourself, doing form processing in the content class isn't a good way to go.

Understanding your problem is simple though: Whenever (and there's no rule to that exception) you get a ForbiddenAttributeError, your application is lacking security declarations for that particular class. Provide those declarations and it will work, provided you have the corresponding privileges.

If you go through section 18.1 of my book, in particular the part titled "Examples", you'll notice the difference between ForbiddenAttributeError and Unauthorized. The former is an indication of lacking security declarations and thus a bug in the app, the latter is a sign that your current credentials don't have the authorization to perform this action...


Zope3-users mailing list

Reply via email to