restrict external editing for text and open admin interface to zope.ManageSite permission

git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@1643 fd906abe-77d9-0310-91a1-e0d9ade77398

browser/common.py

@@ -37,7 +37,7 @@ from zope.publisher.browser import applySkin
 from zope.publisher.interfaces.browser import IBrowserSkinType
 from zope import schema
 from zope.schema.vocabulary import SimpleTerm
-from zope.security import canAccess, canWrite
+from zope.security import canAccess, canWrite, checkPermission
 from zope.security.proxy import removeSecurityProxy
 from zope.traversing.browser import absoluteURL
 from zope.traversing.api import getName
@@ -252,6 +252,7 @@ class BaseView(GenericView):
     def openEditWindow(self, viewName='edit.html'):
         if self.editable:
             #if self.request.principal.id == 'rootadmin'
+            if checkPermission('zope.ManageSite', self.context):
                 return "openEditWindow('%s/@@%s')" % (self.url, viewName)
         return ''
 
@@ -260,8 +261,9 @@ class BaseView(GenericView):
         ct = getattr(self.context, 'contentType', '')
         if not ct or ct == 'application/pdf':
             return False
-        if ct.startswith('text/'):
+        if ct.startswith('text/') and ct != 'text/rtf':
-            return self.request.principal.id == 'rootadmin'
+            return checkPermission('zope.ManageSite', self.context)
+            #return self.request.principal.id == 'rootadmin'
         return canWrite(self.context, 'title')
 
     @Lazy