[Zope3-checkins] SVN: Zope3/trunk/src/zope/app/dublincore/timeannotators.py Unwrap DCadapter in time annotators.
Albertas Agejevas
alga at pov.lt
Fri Feb 25 19:10:46 EST 2005
On Fri, Feb 25, 2005 at 04:58:24PM -0600, Garrett Smith wrote:
> - The annotator should either explicitly check before setting a DC attr,
> or handle the Unauthorized with a no-op (IMO the latter is preferable).
>
> - You (IOW your app) should make sure any principal/role with the
> zope.ManageContent permission also has zope.app.dublincore.change.

I disagree with you on both counts. Imagine a forum where anonymous
users post comments. Your suggestions imply that either DC write
access will be public, or modification times will not be updated.
This is bogus.

A more plausible model would be if the event subscribers could be
declared as "trusted" if they do system-level things, like updating
the DC metadata or indexes.

removeSecurityProxy, in essence, does the same thing. I know it's a
hack, but I have failed to find a cleaner solution, and I'm waiting
for Jim to tell me what to do :-)

Albertas
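
The three outcomes argued over in this message, as an added sketch that is not part of the original email and not Zope's code: an untrusted subscriber that swallows Unauthorized, public DC write access, and a "trusted" subscriber that unwraps the object. Proxy, Unauthorized, unwrap() and the subscriber functions are hypothetical stand-ins for the zope.security machinery, and the timestamps are constructed.

```python
# Toy model: every name here is a hypothetical stand-in, not zope.security.
from datetime import datetime, timezone

class Unauthorized(Exception): pass

class Comment:
    def __init__(self, text):
        self.text, self.modified = text, None  # modified = DC timestamp

class Proxy:
    """Permits attribute writes only for names the principal may set."""
    def __init__(self, obj, writable):
        object.__setattr__(self, "_obj", obj)
        object.__setattr__(self, "_writable", frozenset(writable))
    def __setattr__(self, name, value):
        if name not in self._writable:
            raise Unauthorized(name)
        setattr(self._obj, name, value)

def unwrap(proxied):
    return proxied._obj  # plays the role of removeSecurityProxy

def noop_subscriber(obj, now):
    """Untrusted subscriber that swallows Unauthorized (the no-op option)."""
    try:
        obj.modified = now
    except Unauthorized:
        pass

def trusted_subscriber(obj, now):
    """System-level subscriber: writes past the proxy, grants nothing."""
    unwrap(obj).modified = now

def run_scenarios():
    now = datetime(2005, 2, 25, tzinfo=timezone.utc)    # constructed values
    forged = datetime(1970, 1, 1, tzinfo=timezone.utc)
    results = {}
    for label, writable, subscriber in (
        ("noop", {"text"}, noop_subscriber),
        ("public_dc", {"text", "modified"}, noop_subscriber),
        ("trusted", {"text"}, trusted_subscriber),
    ):
        comment = Comment("")
        anon = Proxy(comment, writable)       # what anonymous code receives
        anon.text = "first post"              # allowed in every scenario
        subscriber(anon, now)                 # fired by the modified event
        noop_subscriber(anon, forged)         # anonymous tries to set DC itself
        results[label] = comment.modified
    return results
```

Only the "trusted" scenario ends with the server-set timestamp intact: the no-op variant leaves it unset, and public DC write access lets the anonymous caller overwrite it.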