[Zope3-dev] View permissions
Albertas Agejevas
alga at pov.lt
Mon Jan 22 17:34:47 EST 2007
Hi all,
Unpleasant things happen when views are security wrapped. Widgets
refuse to work, because they are registered as views, and get a custom
secuity checker (in zope.app.component.metaconfigure.view). The
default view custom checker only protects '__call__', leaves all other
attributes forbidden. This makes rendering a label or errors of a widget
fail. Defining security permissions for the widget class does not
help as the custom checker overrides them.
The TextWidget is registered in zope/app/form/browser/configure.zcml
as follows:
<view
type="zope.publisher.interfaces.browser.IBrowserRequest"
for="zope.schema.interfaces.ITextLine"
provides="zope.app.form.interfaces.IInputWidget"
factory=".TextWidget"
permission="zope.Public"
/>
Gary Poster helped me find 3 ways to overcome the security wrapped
widget problem:
1. ZCML only fix: add allowed_interface="...ITextBrowserWidget" to the
text widget ZCML registration, and the relevant interfaces to all
other widgets (maybe just IInputWidget is enough).
2. Make the view custom permission checker merge permissions registered
for the view class with the permissions allowed by the view
registration.
3. Make the provided interface the default allowed interface.
Fall back on allowing just __call__ for the views that only
provide zope.interface.Interface.
I feel that the last option is best. After all, the registration
above asserts the permission the view protected with, and that it
provides IInputWidget. So, making the provided interface accessible
by making it the default allowed interface will eliminate surprises
rather than introduce new ones.
(The 'allowed_interface' attribute is named somewhat ambiguously.
This is the interface that is actually protected with the permission
of the view, unlike the class allow subdirective.)
Any comments?
Albertas
More information about the Zope3-dev
mailing list