[Zope-CMF] Security Question

Chris Withers chrisw@nipltd.com
Mon, 11 Feb 2002 00:41:22 +0000


seb bacon wrote:
> 
> > How would I go about doing that?
> 
> in the __init__ of CMFDefault, all the PortalContent factory methods are
> registered with a single permission, all at once ('add portal content').
>   just register them separately.

Actually, the following patch to folder_factories.pt:

RCS file: /cvs-repository/CMF/CMFDefault/skins/zpt_generic/folder_factories.pt,v
retrieving revision 1.2
diff -r1.2 folder_factories.pt
15,16c15,16
< <td>
< <table width="100%" class="FormLayout" tal:repeat="item
here/allowedContentTypes">
---
> <td tal:define="allowedContentTypes python:modules['ZTUtils'].LazyFilter(here.allowedContentTypes(),skip='')">
> <table width="100%" class="FormLayout" tal:repeat="item allowedContentTypes">

...allows you to filter what types show up in the list by adjusting the 'Access
contents information' permission on the Type Information object.

It doesn't actually secure invokeFactory but it's good enough for me and I'm
gonna stick in CVS now...

cheers,

Chris