[Zope3-Users] Re: How to test for object metatype
Philipp von Weitershausen
philipp at weitershausen.de
Mon Apr 18 08:17:50 EDT 2005
Cliff Ford wrote:
> I begin to see the light: with an update method in a class supporting
> the view I was getting a forbidden attribute error. I am not sure how to
> deal with that so I have left the update method in the content class but
> put all code to do with the edit form in the view class. Not quite right
> because form fields are processed in the content class.
As you've mentioned it yourself, doing form processing in the content
class isn't a good way to go.
Understanding your problem is simple though: Whenever (and there's no
rule to that exception) you get a ForbiddenAttributeError, your
application is lacking security declarations for that particular class.
Provide those declarations and it will work, provided you have the
corresponding privileges.
If you go through section 18.1 of my book, in particular the part titled
"Examples", you'll notice the difference between ForbiddenAttributeError
and Unauthorized. The former is an indication of lacking security
declarations and thus a bug in the app, the latter is a sign that your
current credentials don't have the authorization to perform this action...
Philipp
More information about the Zope3-users
mailing list