[PEAK] sitemap, specialist, and permissionNeeded (I
presume)
Phillip J. Eby
pje at telecommunity.com
Mon Nov 1 19:41:24 EST 2004
At 07:16 PM 11/1/04 -0500, R. David Murray wrote:
>I have to run off to a meeting, so I have to stop experimenting
>now. I'm hoping there will magically be an answer when I get back
>(grin), but will keep experimenting if there isn't. I've googled
>and grepped and I can't figure this out, so far.
>
>I have a sitemap:
>
><location id="root">
> <view name="index_html" resource="fcgbilling.www/hello" />
> <import module="fcgbilling" />
> <container object="fcgbilling.storage.AccountDM()" />
> <content type="fcgbilling.model.Account">
> <allow attributes="__get__" />
You don't need the '__get__' attribute here unless it's going to be part of
a URL path, btw.
> <view name="index_html" resource="fcgbilling.www/account" />
> </content>
></location>
>
>which is a bit hacked because I've been experimenting and don't
>fully understand what the directives do, but anyway...when I run
>this and try to access a member served by AccountDM, I get:
>
> NotAllowed('10', 'Permission denied')
>
>Which is perfectly sensible. But I can't figure out how
>to set the permission so that it can be accessed. My goal
>here is to let anyone view the Accounts (security, for now,
>is via physical access to the internal network).
In the Account class, add:
security.allow(security.Anybody)
This should do the trick for you. I'm thinking about actually making this
the default state, because the use cases for restricting *any* access to an
object are limited. And, it's already the default state for classes that
have no permissions declared. For example, if you had a container that
contained numbers or strings, you'd be able to access them just fine. :)
More information about the PEAK
mailing list