[Checkins] SVN: bluebream/website/docs/v1.0/tutorial4.rst secure browser views
Baiju M
baiju.m.mail at gmail.com
Wed Aug 18 07:51:50 EDT 2010
Log message for revision 115755:
secure browser views
Changed:
U bluebream/website/docs/v1.0/tutorial4.rst
-=-
Modified: bluebream/website/docs/v1.0/tutorial4.rst
===================================================================
--- bluebream/website/docs/v1.0/tutorial4.rst 2010-08-18 09:45:27 UTC (rev 115754)
+++ bluebream/website/docs/v1.0/tutorial4.rst 2010-08-18 11:51:50 UTC (rev 115755)
@@ -172,11 +172,44 @@
change the permissions to `View`. This is unsecure, since this includes
read and write methods, but it will suffice for this demonstration.
-Now let's go to the browser configuration file
-(``src/tc/main/configure.zcml``) and fix the permissions there.
+Now let's go to the browser view configurations and fix the permissions
+there::
+ <browser:page
+ for="tc.collector.interfaces.ICollector"
+ name="index"
+ permission="tc.View"
+ class="tc.collector.views.TicketCollectorMainView"
+ layer="tc.skin.interfaces.ITCSkin"
+ />
+
+ <browser:page
+ for="tc.collector.interfaces.ICollector"
+ name="add_ticket"
+ permission="tc.Add"
+ class="tc.collector.views.AddTicket"
+ layer="tc.skin.interfaces.ITCSkin"
+ />
+
+ <browser:page
+ for="tc.collector.interfaces.ITicket"
+ name="index"
+ permission="tc.View"
+ class="tc.collector.views.TicketMainView"
+ layer="tc.skin.interfaces.ITCSkin"
+ />
+
+ <browser:page
+ for="tc.collector.interfaces.ITicket"
+ name="add_comment"
+ permission="tc.Add"
+ class="tc.collector.views.AddComment"
+ layer="tc.skin.interfaces.ITCSkin"
+ />
+
+
That's it. If you would restart BlueBream at this point, you could not even
-access the TicketCollector and/or Ticket instances. Therefore we need to
+access the TicketCollector and/or Ticket instances. Therefore we need to
create some roles next and assign permissions to them.
.. _tut4-delcare-roles:
@@ -289,8 +322,8 @@
login and password (plain text) for the user, which is used for
authentication of course.
-Note that you might want to grant the tc.Member role to the ``zope.anybody``
-principal, so that everyone can view and add tickets.
+Note that you might want to grant the ``tc.Member`` role to the
+``zope.anybody`` principal, so that everyone can view and add tickets.
The ``zope.anybody`` principal is an unauthenticated principal, which is
defined using the ``zope:unauthenticatedPrincipal`` directive, which has the
More information about the checkins
mailing list