[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/OFS/Content/ZPTPage
- zptpage.zcml:1.1.2.2.4.1
Tres Seaver
tseaver@zope.com
Sun, 28 Apr 2002 08:46:23 -0400
Jim Fulton wrote:
> Update of /cvs-repository/Zope3/lib/python/Zope/App/OFS/Content/ZPTPage
> In directory cvs.zope.org:/tmp/cvs-serv15087
>
> Modified Files:
> Tag: SecurityProxy-branch
> zptpage.zcml
> Log Message:
> Changed to use general Zope.ManageContent permission for adding.
>
>
> === Zope3/lib/python/Zope/App/OFS/Content/ZPTPage/zptpage.zcml 1.1.2.2 => 1.1.2.2.4.1 ===
> >
>
> - <security:permission permission_id="Zope.AddZPTPages"
> - title="Add ZPT Pages" />
> -
> <zmi:factoryFromClass name="ZPTPage"
> class=".ZPTPage."
> - permission_id="Zope.AddZPTPages"
> + permission_id="Zope.ManageContent"
> title="ZPT Page"
> description="A simple, content-based Page Template" />
Because they contain scripting, I am not sure that ZPTPages should be
protected by the same permission as "dumb" content. They are too
risky, IMNSHO, to turn loose on "normal" content managers *by default*.
Sites which want such a policy should be able to achieve that by either
overriding the permission, or by granting the 'Zope.AddZPTPages' to the
role.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com