Also, i have a PAU registered. Still it seems like the PAU is not being contacted for authenticating REST requests. I can Authenticate the principals in principal.zcml only. <br><br>rgds,<br>Jayarajan J N (IRC nick - jayaraj)<br>
<br><div class="gmail_quote">On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <span dir="ltr"><<a href="mailto:jayarajan@musmo.com">jayarajan@musmo.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hi all,<br><br>Recently i was looking for some zope3 based solutions for implementing RESTful public API. And i found z3c.rest. To begin with package I have installed it and enabled the the RESTviews for 'Folder' that is provided in the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the Permission setting for GET view from 'zope.View' to 'zope.ManageContent' and i expected this would make the GET view of the Folder to be unavailable to the Public. But it was still possible for me to call the GET view with an 'unauthorised' request.<br>
<br>Similarly, i changed the permission for POST/PUT from 'zope.ManageContent' to 'zope.Public' and still I had to get authenticated to access it.<br><br>Can any one please tell me how can i use local grants with z3c.rest? I expected it to work the same way as other zope:views do. Please help me on this.<br>
<br>I have installed the package available in the svn trunk. Zope3 setup is zope3.4.0c1 + python 2.5<br>I have tested the GET view using both web browser and a python script.<br><br>Following is the original configurations from z3c/rest/tests/folder.zcml<br>
<br>########################<br><view<br> for="zope.app.folder.interfaces.IFolder"<br> name="GET"<br> type="..interfaces.IRESTRequest"<br> factory=".folder.FolderAPI"<br>
permission="zope.View"<br> allowed_attributes="GET"<br> /><br><br><view<br> for="zope.app.folder.interfaces.IFolder"<br> name="POST"<br> type="..interfaces.IRESTRequest"<br>
factory=".folder.FolderAPI"<br> permission="zope.ManageContent"<br> allowed_attributes="POST"<br> /><br><br><view<br> for="zope.app.folder.interfaces.IFolder"<br>
name="PUT"<br> type="..interfaces.IRESTRequest"<br> factory=".folder.FolderAPI"<br> permission="zope.ManageContent"<br> allowed_attributes="PUT"<br> /><br>
##########################<br><br>This is how i changed it <br><br>------------------------------------------------------------------<br><view<br> for="zope.app.folder.interfaces.IFolder"<br> name="GET"<br>
type="..interfaces.IRESTRequest"<br> factory=".folder.FolderAPI"<br> permission="zope.ManageContent"<br> allowed_attributes="GET"<br> /><br><br><view<br> for="zope.app.folder.interfaces.IFolder"<br>
name="POST"<br> type="..interfaces.IRESTRequest"<br> factory=".folder.FolderAPI"<br> permission="zope.Public"<br> allowed_attributes="POST"<br> /><br>
<br><view<br> for="zope.app.folder.interfaces.IFolder"<br> name="PUT"<br> type="..interfaces.IRESTRequest"<br> factory=".folder.FolderAPI"<br> permission="zope.Public"<br>
allowed_attributes="PUT"<br> /><br>--------------------------------------------------------------------<br><br>Thanks in advance.<br><br>rgds,<br>Jayarajan J N (IRC nick - jayaraj)<br><br>
</blockquote></div><br>