[Zope-dev] local grants for z3c.rest not working.

Jayarajan Jn jayarajan at musmo.com
Thu Dec 11 02:16:39 EST 2008


Also, i have a PAU registered. Still it seems like the PAU is not being
contacted for authenticating REST requests. I can Authenticate the
principals in  principal.zcml only.

rgds,
Jayarajan J N (IRC nick - jayaraj)

On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <jayarajan at musmo.com> wrote:

> Hi all,
>
> Recently i was looking for some zope3 based solutions for implementing
> RESTful public API. And i found z3c.rest. To begin with package I have
> installed it and enabled the the RESTviews for 'Folder' that is provided in
> the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the
> Permission setting for GET view  from 'zope.View' to 'zope.ManageContent'
> and i expected this would make the GET view of the Folder to be unavailable
> to the Public. But it was still possible for me to call the GET view with an
> 'unauthorised' request.
>
> Similarly, i changed the permission for POST/PUT from 'zope.ManageContent'
> to 'zope.Public' and still I had to get authenticated to access it.
>
> Can any one please tell me how can i use local grants with z3c.rest? I
> expected it to work the same way as other zope:views do. Please help me on
> this.
>
> I have installed the package available in the svn trunk. Zope3 setup is
> zope3.4.0c1 + python 2.5
> I have tested the GET view using both web browser and a python script.
>
> Following is the original  configurations from z3c/rest/tests/folder.zcml
>
> ########################
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="GET"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.View"
>     allowed_attributes="GET"
>     />
>
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="POST"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.ManageContent"
>     allowed_attributes="POST"
>     />
>
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="PUT"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.ManageContent"
>     allowed_attributes="PUT"
>     />
> ##########################
>
> This is how i changed it
>
> ------------------------------------------------------------------
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="GET"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.ManageContent"
>     allowed_attributes="GET"
>     />
>
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="POST"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.Public"
>     allowed_attributes="POST"
>     />
>
> <view
>     for="zope.app.folder.interfaces.IFolder"
>     name="PUT"
>     type="..interfaces.IRESTRequest"
>     factory=".folder.FolderAPI"
>     permission="zope.Public"
>     allowed_attributes="PUT"
>     />
> --------------------------------------------------------------------
>
> Thanks in advance.
>
> rgds,
> Jayarajan J N (IRC nick - jayaraj)
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.zope.org/pipermail/zope-dev/attachments/20081211/c6411e9e/attachment-0001.html 


More information about the Zope-Dev mailing list