IssueTrackerProduct IssueTrackerProduct

About my baby Open Source project

Kung Fu Kung Fu

Fujian White Crane Kung Fu

Zope Zope

What I have and am doing with Zope

Photos Photos

Photoalbum, both old and new.

Receptsamlingen Receptsamlingen

In Swedish only. About my "Collection of Recipes" website.

Contact me Contact me

My contact details and how to contact me.

  Mobile version of this page Mobile version of this page

del.icio.us Save this page in del.icio.us

Previous:
Associative arrays
 Next:
Is peanut butter the proof that evolution doesn't happen?

Related by category

Plone

 

Learning about ATFolder's security

portal root, archetypes, unauthorized, atfolders, atfolder

22nd of March 2007

I just learned something interesting about ATFolders in Plone. For the non-Plone readers, an ATFolder is Plone's take on a normal Zope Folder but based on Archetypes instead. To begin with, Plone overrides the function manage_addFolder which means that if you do context.portal_url.getPortalObject().manage_addFolder(...) in Plone you get an ATFolder instead of a normal Folder. Fair enough.

The problem I had was that ATFolders override the manage_delObjects() function not only is it's security defined in the container, it also does a security check within. I don't know why but I'm sure there's a reason. What this means is that you can't use some_at_folder.manage_delObjects([...]) in External Methods and expect no Unauthorized errors.

I solved this security problem I had by instead creating a normal Zope folder by doing it this way instead:

 portal_root = self.portal_url.getPortalObject()
 adder = portal_root.manage_addProduct['OFSP'].manage_addFolder
 adder('PlainZopeFolder')


Comment

 
Name:
Email:
hide my email address.

Your email address will be encoded to prevent email-extraction spiders from reading it so you won't get spammed if you decide to show your email address.