[Zope3-Users] How to allow one user to access only his object
TAHARA Yusei
yusei at domen.cx
Fri Oct 21 10:31:41 EDT 2005
Hi.
On Fri, 21 Oct 2005 05:06:32 -0700
Naotoshi Seo <sonots at sonots.com> wrote:
> At this post method, do I redirect to a URL like
> ./edit.html?field.passwd=KDJFKJA ? It is not cool. Are there any ways?
Why you don't post to "edit.html" from "password.html"?
> Furthermore, returning object in publishTraverse() did not work. I had
> to create a view like zapi.queryView(subob, name, request). Why? Am I
> missing something?
zapi.queryView has been deprecated. You should use queryMultiAdapter.
queryMultiAdapter((self.context, request), name=name)
> Furthermore, can I prohibit users to access directly as
> http://localhost:8080/messageboardobject/messageobject/edit.html? It
> looks I have to keep open this URL so that Traverser can open this. But,
> if this is possible, nothing was changed from before.
if MessageBoardTraverser works well, you can protect "edit.html"
from invalid access.
Best Regards,
--
Tahara Yusei
yusei at domen.cx
More information about the Zope3-users
mailing list