2013-05-07 38 views
2

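Plone 4.2 formwidget contenttree permissions

I have a Dexterity content type in Plone 4.2.4 that uses the contenttree widget to manage referenced objects, but only in the editForm.

I realized that the referenced items must be external_visible to be shown by the widget, which means that anonymous users can View and AccessContentsInformation. That's not what I want. So I dug into the contenttree widget source and added the following to my product's browser/configure.zcml: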

<include package="Products.CMFCore" file="permissions.zcml" 
     zcml:condition="installed plone.app.upgrade" /> 

<browser:page 
    for="*" 
    name="contenttree-fetch" 
    class="my.product.content.bikemetamodel.EditForm" 
    permission="cmf.ModifyPortalContent" 
    /> 
<adapter factory="my.product.browser.widgets.MetamodellContenttreeAdapter" /> 

and the adapter:

from zope.component import adapts
from zope.interface import Interface, implements

# IBikeMetaModel is the product's own schema interface.


class MetamodellContenttreeAdapter(object):
    implements(IBikeMetaModel)
    adapts(Interface)

    def __init__(self, context):
        self.context = context

    def _get_allowed_modeltypes(self):
        return None

    def _set_allowed_modeltypes(self, value):
        print "setting", value

    allowed_modeltypes = property(_get_allowed_modeltypes,
                                  _set_allowed_modeltypes)

[...] 

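But that doesn't seem to be enough. The underlying catalog search returns no results if the permissions are set to deny View and AccessContentsInformation to anonymous users. So I guess I have to construct some kind of proxy user that has the View permission.

Is it OK to use the SecurityManager in the newly created view to fetch the results as a different user? Or am I just missing something?

Answer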

1

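OK, here is how I solved the mystery.

After digging for a while, I realized that I had missed the point with my earlier idea of overriding the @@contenttree-fetch view. The solution I came up with is quite simple and looks elegant (enough) to me. I now do a sudo-style sidestep to gather the required items.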

from AccessControl.SecurityManagement import (
    getSecurityManager, newSecurityManager, setSecurityManager)
from five import grok
from plone.directives import dexterity
from Products.CMFCore.utils import getToolByName
from z3c.form.interfaces import DISPLAY_MODE, HIDDEN_MODE
from zope.component.hooks import getSite


class EditForm(dexterity.EditForm):
    grok.context(IBikeMetaModel)
    # If it would be another than the edit view, we could manage
    # permissions here. Not necessary in edit view, because the
    # edit permission defined in this content types *.xml counts
    # grok.require("cmf.ModifyPortalContent")

    @property
    def acl_users(self):
        return getToolByName(getSite(), 'acl_users')

    def updateWidgets(self):
        # This is the magic. A sudo style sidestep to a user
        # with the id "system" that has permission to gather
        # the required lists in the updateWidgets function of
        # the base class
        proxy_user = self.acl_users.getUserById("system")
        oUser = getSecurityManager()
        newSecurityManager(self.request, proxy_user)
        try:
            super(EditForm, self).updateWidgets()
        finally:
            # Very Important! Switch back to the original user,
            # also when the base class raises.
            setSecurityManager(oUser)

        # custom widget updates
        self.widgets['title'].mode = DISPLAY_MODE
        self.widgets['year'].mode = HIDDEN_MODE
        self.widgets['brand'].mode = HIDDEN_MODE
        self.widgets['model'].mode = HIDDEN_MODE
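
The user switch in the answer has to be undone on every exit path, including an exception inside the elevated call. The following is an added example, not code from the original post: it packages the same switch as a reusable context manager. The names run_as and demo are hypothetical, and the functions in the except branch are constructed stand-ins so the block also runs where AccessControl is not installed.

```python
from contextlib import contextmanager

try:  # real Zope API when this runs inside Plone
    from AccessControl.SecurityManagement import (
        getSecurityManager, newSecurityManager, setSecurityManager)
except ImportError:  # constructed stand-ins so the block runs outside Zope
    class _Manager(object):
        def __init__(self, user):
            self._user = user
        def getUser(self):
            return self._user

    _current = [_Manager("Anonymous User")]

    def getSecurityManager():
        return _current[0]

    def setSecurityManager(manager):
        _current[0] = manager

    def newSecurityManager(request, user):
        _current[0] = _Manager(user)


@contextmanager
def run_as(user, request=None):
    """Run the with-block as `user`, then always restore the caller."""
    if user is None:  # e.g. the proxy id does not exist in acl_users
        raise ValueError("proxy user not found")
    original = getSecurityManager()
    newSecurityManager(request, user)
    try:
        yield
    finally:
        setSecurityManager(original)  # runs on success and on exception


def demo():
    """Constructed scenario: the elevated call fails midway."""
    newSecurityManager(None, "editor")
    seen = []
    try:
        with run_as("system"):
            seen.append(getSecurityManager().getUser())
            raise RuntimeError("catalog query failed")
    except RuntimeError:
        pass
    seen.append(getSecurityManager().getUser())
    return seen
```

Inside the form, the elevated section would then shrink to the single base-class call placed in a `with run_as(proxy_user, self.request):` block, which keeps the rest of the request under the editor's own permissions.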