Hi. I have one more question.

Imagine there are a MessageBoard and many Message objects.
I would like to allow users to modify only his message as common message
board if user type a password for the message.

I made a view to show forms to be typed password, and I processed POSTed
values, and I redirected to the message object's editview like


class Classname(object):

    def post(self):
        messages = IMessageBoard(self.context).items()
        passwd   = self.request['field.passwd']
        for name, message in messages:
            if message.passwd == passwd:
                nexturl = absoluteURL(message, self.request)

However, it does not make sense because users can access directly by
just typing URL like
http://localhost:8080/messageboardobject/messageobject/edit.html even if
he does not know password.

I learned principals, permission, roles, but they do not help this.
Furthermore, I learned user management, but it does not help this also
because I could just differenticate Member and Visitor, and it does not
mean I can differentiate all messages' roles.

This is easy problem in normal web application. Scripts which receive
POST just print out new html (in this case Classname.post). However, I
would like to use browser:editview and I have only idea, redirecting, to
show the editview.

If you have any idea. Please let me know. Thanks.
Zope3-users mailing list

Reply via email to