[Zope3-Users] Problem with z3c.form security when rendering error
Markus Kemmerling
markus.kemmerling at meduniwien.ac.at
Thu Sep 20 15:26:07 EDT 2007
Hi Yuan,
On 20.09.2007 at 18:17, Yuan HOng wrote:
> I am new to z3c.form. In my first AddForm, I encountered the
> following problem:
>
> When the form is submitted which contains some input error, like
> missing required fields, the rendering of the error message causes a
> system error.
I'm happy to see that someone else encounters this error, too ;-) See
my posting about security concerns with `z3c.layer`'s trusted
traversers one or two weeks ago.
> [...]
> So it seems the default z3c.form security declaration only allows
> access to 'update', 'error' and 'render' attributes of an
> ErrorViewSnippet object. I tried to work around this by adding the
> 'widget' attribute to the IErrorViewSnippet interface and the system
> error is no longer raised. However, this time, another exception is
> raised saying the 'label' property of the widget is not accessible.
Try to add security declarations for the widgets you use as well (see
the posting mentioned above).
> How can I set up my security properly to use z3c.form smoothly?
> Shouldn't 'widget' not be in IErrorViewSnippet since it is evidently
> externally used in the rendering template?
Probably.
> Thanks for suggestions.
>
> --
> Hong Yuan
>
Regards,
Markus Kemmerling
___________________
Medical University Vienna
Core Unit for Medical Education
P.O. Box 10 A-1097 Vienna
phone: +43-1-40 160-36 863 fax: +43-1-40 160-93 65 00
http://www.meduniwien.ac.at/bemaw/
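
The two declarations discussed in this thread, written out as ZCML (an added example, not part of the original message and not z3c.form's own configuration). It assumes the error snippet class is `z3c.form.error.ErrorViewSnippet` and that the widget implements `z3c.form.interfaces.IWidget`; `my.package.widget.MyWidget` is a hypothetical custom widget class, and `zope.Public` can be replaced by a narrower permission.

```xml
<configure xmlns="http://namespaces.zope.org/zope">

  <!-- Step 1: the error template reads the snippet's 'widget' attribute
       through a security proxy. Only 'update', 'error' and 'render' are
       declared by default (per the thread), so 'widget' is declared here.
       Listing only the missing name avoids redeclaring names that are
       already protected elsewhere. -->
  <class class="z3c.form.error.ErrorViewSnippet">
    <require
        permission="zope.Public"
        attributes="widget"
        />
  </class>

  <!-- Step 2: the value returned for 'widget' is proxied as well. A class
       with no declarations allows no attribute access, which is why
       'label' was reported as inaccessible next. Declaring the widget
       interface covers 'label' and the other IWidget attributes.
       my.package.widget.MyWidget is a hypothetical class name. -->
  <class class="my.package.widget.MyWidget">
    <require
        permission="zope.Public"
        interface="z3c.form.interfaces.IWidget"
        />
  </class>

</configure>
```

`zope.Public` makes the listed names readable by any code holding a proxied reference, including untrusted templates, so the attribute list and interface should stay as narrow as the rendering template needs.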