开发者

What is "view_permission" on portlet/configure.zcml for?

In <browser:page /> on Plone, I have a permission attribute. I can add a custom permission in there and have better security when the browser view is rendered.

  <browser:page
      for="*"
      name="my_view"
      class=".myview.MyView"
      allowed_interface=".myview.IMyView"
      permission="my.permission"
      />

Just adding the permission attribute it works: trying to do @@my_view, it asks for login.

Now, let's go to the portlets: portlets have a view_permission, that I thought it would do the same, or at least just wouldn't render the portlet if the user didn't have the permission - but none of these situations happen. The portlet is rendered, ignoring the view_permission, thus I still need to use the available portlet property to accomplish what I want (It seems I'm not the only one doing this approach).

So, what view_permission is for? I can't find the docs for it. It se开发者_运维技巧ems I would be able to use it like permission like browser views, but it seems I can't...


the purpose of view_permission is to restrict the portlet to users with a specific permission...as it says here:

http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metadirectives.py

here you can find an example:

http://svn.plone.org/svn/plone/plone.portlet.collection/trunk/plone/portlet/collection/configure.zcml

edit: unfortunately I have to amend my answer...the purpose of view_permission should be to restrict the portlet to users with a specific permission. But it's not yet honored, as you can see here:

  • http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/browser/templates/column.pt
  • http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metaconfigure.py

(Thanks to the comment of Ulrich Schwarz that pushed me to double check.)

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜