[Zope-CMF] View permissions not triggering
Charlie Clark
charlie.clark at clark-consulting.eu
Sat Jun 26 10:08:36 EDT 2010
Am 26.06.2010, 16:03 Uhr, schrieb yuppie <y.2010 at wcm-solutions.de>:
Hiya yuppie,
I guess it's only appropriate that you replied to this.
> Which "current check" do you mean? Right now there is no logged_in view
> so there is no permission check for a logged_in view.
In the PythonScript logged_in.py the following check is performed:
isAnon = mtool.isAnonymousUser()
if isAnon:
context.REQUEST.RESPONSE.expireCookie('__ac', path='/')
options['is_anon'] = True
options['title'] = _(u'Login failure')
options['admin_email'] = ptool.getProperty('email_from_address')
>> by a view permission such as
>> "cmf.AddPortalContent" but no matter what I set the view remains
>> callable
>> by a non-authenticated user. Are the permissions being ignored or have I
>> got the wrong end of the stick?
> In case you are modifying the permission for the logged_in *action*
> you've got the wrong end.
No, I mean the permission set in the zcml view registration. As previously
discussed, I don't think "logged_in" and "logged_out" should be portal
actions as they are states.
Charlie
--
Charlie Clark
Managing Director
Clark Consulting & Research
German Office
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-600-3657
Mobile: +49-178-782-6226
More information about the Zope-CMF
mailing list