[PEAK] sitemap, specialist, and permissionNeeded (I presume)

Phillip J. Eby pje at telecommunity.com
Mon Nov 1 19:41:24 EST 2004


At 07:16 PM 11/1/04 -0500, R. David Murray wrote:
>I have to run off to a meeting, so I have to stop experimenting
>now.  I'm hoping there will magically be an answer when I get back
>(grin), but will keep experimenting if there isn't.  I've googled
>and grepped and I can't figure this out, so far.
>
>I have a sitemap:
>
><location id="root">
>     <view name="index_html" resource="fcgbilling.www/hello" />
>     <import module="fcgbilling" />
>     <container object="fcgbilling.storage.AccountDM()" />
>     <content type="fcgbilling.model.Account">
>         <allow attributes="__get__" />

You don't need the '__get__' attribute here unless it's going to be part of 
a URL path, btw.


>         <view name="index_html" resource="fcgbilling.www/account" />
>     </content>
></location>
>
>which is a bit hacked because I've been experimenting and don't
>fully understand what the directives do, but anyway...when I run
>this and try to access a member served by AccountDM, I get:
>
>    NotAllowed('10', 'Permission denied')
>
>Which is perfectly sensible.  But I can't figure out how
>to set the permission so that it can be accessed.  My goal
>here is to let anyone view the Accounts (security, for now,
>is via physical access to the internal network).

In the Account class, add:

     security.allow(security.Anybody)

This should do the trick for you.  I'm thinking about actually making this 
the default state, because the use cases for restricting *any* access to an 
object are limited.  And, it's already the default state for classes that 
have no permissions declared.  For example, if you had a container that 
contained numbers or strings, you'd be able to access them just fine.  :)



