[Zope] Re: [Zope-CMF] [HELP] Use of "portal_metadata" in a DTML file

Tres Seaver tseaver@zope.com
22 Apr 2002 10:27:42 -0400


--=-p/oUrWHp4VhZIU2Evl0p
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

On Mon, 2002-04-22 at 09:56, flemaitre@fede.generali.fr wrote:
> Hello,
> 
> I'm using the tool "portal_metadata"  in order to fix a policy of metadata 
> for my site.
> But i have a problem :
>         - I'm making a DTML form wich allow my users to modify the 
> Elements of the "portal_metadata" instance
>         - In this DTML form, i get the list of metadata elements by using 
> : "portal_metada.listElementSpecs()" ==> Ok
>         - I want to access (and to modify) the detail of these elements by 
> using :
>                 * portal_metadata.getElementSpec(element='My 
> metadata').isRequired()
>                 * portal_metadata.getElementSpec(element='My 
> metadata').isMultiValued()
>                 * etc....
> 
>          ==> It doesn't work, Zope says "You are not authorized to access 
> isMultiValued", but i'm "Manager" what does it mean ?
>         From the ZMI, the form "metadataElementPolicies.dtml" (of 
> CMFDefault) does the same thing, and it's work.... Why ?

The ZMI version is a class method, and hence operates as "trusted" code;
it doesn't surface the bug you found.  The 'getElementSpec' method
returns the ElementSpec instance without wrapping it in itself, which
means that your DTML method cannot do the security checks properly.

If you would, please try the attached patch and see if it helps.

Please report this as a bug to the tracker.

> Excuse my english.... ;-)

Votre anglais est tres superieur de mon francais. :)

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com

--=-p/oUrWHp4VhZIU2Evl0p
Content-Disposition: attachment; filename=MetadataTool.py.diff
Content-Transfer-Encoding: quoted-printable
Content-Type: text/x-patch; name=MetadataTool.py.diff; charset=ISO-8859-1

Index: CMFDefault/MetadataTool.py
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
RCS file: /cvs-repository/CMF/CMFDefault/MetadataTool.py,v
retrieving revision 1.13
diff -u -r1.13 MetadataTool.py
--- CMFDefault/MetadataTool.py	21 Mar 2002 16:47:56 -0000	1.13
+++ CMFDefault/MetadataTool.py	22 Apr 2002 14:21:03 -0000
@@ -21,13 +21,12 @@
=20
=20
 from Globals import InitializeClass, DTMLFile
-from Persistence import Persistent
 from AccessControl import ClassSecurityInfo, getSecurityManager
 from Products.CMFCore import CMFCorePermissions
 from Products.CMFCore.ActionProviderBase import ActionProviderBase
 from utils import _dtmldir
=20
-class MetadataElementPolicy( Persistent ):
+class MetadataElementPolicy( SimpleItem ):
     """
         Represent a type-specific policy about a particular DCMI element.
     """
@@ -116,7 +115,7 @@
                         , ( 'Rights', 0 )
                         )
=20
-class ElementSpec( Persistent ):
+class ElementSpec( SimpleItem ):
     """
         Represent all the tool knows about a single metadata element.
     """
@@ -397,7 +396,7 @@
             Return an ElementSpec representing the tool's knowledge
             of 'element'.
         """
-        return self.element_specs[ element ]
+        return self.element_specs[ element ].__of__( self )
=20
     security.declareProtected( CMFCorePermissions.ManagePortal
                              , 'addElementSpec' )

--=-p/oUrWHp4VhZIU2Evl0p--