[Zope3-dev] Security with Viewlets
Paul Carduner
paulcarduner at gmail.com
Thu Nov 16 17:39:15 EST 2006
Hi,
I am having trouble debugging viewlets that redirect to Unauthorized
pages. Here is the synopsis. We have a "dashboard" page with a bunch
of viewlets displaying information about all different parts of the
system. When one viewlet tries to access forbidden attributes, the
whole page gets redirected to the "Unauthorized" view. I would rather
see a little message in place of the questionable viewlet saying "this
viewlet is trying to access forbidden data."
Ideally, the viewlet manager would "wrap" each viewlet in some fool
proof environment such that if anything went wrong with the viewlet -
security or otherwise - then the viewlet manager would handle each
problem appropriately.
Can anyone recommend an approach to doing this or explain why it is a
bad idea altogether?
Alternatively, any hints on debugging security? I wish there was an
easy way to see exactly which attribute of which object denied access.
Thanks,
Paul
More information about the Zope3-dev
mailing list