Kwissle

My real-time quiz battle game Kwissle.com

Crosstips.org

My fun Crossword solver project. Crosstips.org & Krysstips.se

Kung Fu

Fujian White Crane Kung Fu

Photos

Photoalbum, both old and new.

Twitter

Follow me on Twitter

Contact me

My contact details and how to contact me.

 

KungFuPeople.com
Do you train Kung Fu?
Or know someone who does?
Then check out KungFuPeople.com


Mobile version of this page Mobile version of this page

Previous:
Associative arrays
 Next:
Is peanut butter the proof that evolution doesn't happen?

Related by category

Plone

 
Plone

Learning about ATFolder's security


22nd of March 2007

I just learned something interesting about ATFolders in Plone. For the non-Plone readers, an ATFolder is Plone's take on a normal Zope Folder but based on Archetypes instead. To begin with, Plone overrides the function manage_addFolder which means that if you do context.portal_url.getPortalObject().manage_addFolder(...) in Plone you get an ATFolder instead of a normal Folder. Fair enough.

The problem I had was that ATFolders override the manage_delObjects() function not only is it's security defined in the container, it also does a security check within. I don't know why but I'm sure there's a reason. What this means is that you can't use some_at_folder.manage_delObjects([...]) in External Methods and expect no Unauthorized errors.

I solved this security problem I had by instead creating a normal Zope folder by doing it this way instead:

 portal_root = self.portal_url.getPortalObject()
 adder = portal_root.manage_addProduct['OFSP'].manage_addFolder
 adder('PlainZopeFolder')



Comment

 
Name:
Email:
hide my email address.

Your email address will be encoded to prevent email-extraction spiders from reading it so you won't get spammed if you decide to show your email address.