Hi. I have one more question. Imagine there are a MessageBoard and many Message objects. I would like to allow users to modify only his message as common message board if user type a password for the message.
I made a view to show forms to be typed password, and I processed POSTed values, and I redirected to the message object's editview like <pages .... class=".modulename.Classname" .... > <page name="password.html" template="password.pt" /> <page name="whatever" attribute="post" /> class Classname(object): def post(self): messages = IMessageBoard(self.context).items() passwd = self.request['field.passwd'] for name, message in messages: if message.passwd == passwd: nexturl = absoluteURL(message, self.request) self.request.response.redirect(nexturl+'/edit.html') break However, it does not make sense because users can access directly by just typing URL like http://localhost:8080/messageboardobject/messageobject/edit.html even if he does not know password. I learned principals, permission, roles, but they do not help this. Furthermore, I learned user management, but it does not help this also because I could just differenticate Member and Visitor, and it does not mean I can differentiate all messages' roles. This is easy problem in normal web application. Scripts which receive POST just print out new html (in this case Classname.post). However, I would like to use browser:editview and I have only idea, redirecting, to show the editview. If you have any idea. Please let me know. Thanks. _______________________________________________ Zope3-users mailing list Zope3email@example.com http://mail.zope.org/mailman/listinfo/zope3-users