Hi. I have one more question.
Imagine there are a MessageBoard and many Message objects.
I would like to allow users to modify only his message as common message
board if user type a password for the message.
I made a view to show forms to be typed password, and I processed POSTed
values, and I redirected to the message object's editview like
messages = IMessageBoard(self.context).items()
passwd = self.request['field.passwd']
for name, message in messages:
if message.passwd == passwd:
nexturl = absoluteURL(message, self.request)
However, it does not make sense because users can access directly by
just typing URL like
http://localhost:8080/messageboardobject/messageobject/edit.html even if
he does not know password.
I learned principals, permission, roles, but they do not help this.
Furthermore, I learned user management, but it does not help this also
because I could just differenticate Member and Visitor, and it does not
mean I can differentiate all messages' roles.
This is easy problem in normal web application. Scripts which receive
POST just print out new html (in this case Classname.post). However, I
would like to use browser:editview and I have only idea, redirecting, to
show the editview.
If you have any idea. Please let me know. Thanks.
Zope3-users mailing list