restrict attributes provided by the XML-RPC interface to plain TextField-s; bind the flash UI to the ManageConcepts permission
git-svn-id: svn://svn.cy55.de/Zope3/src/loops/trunk@1653 fd906abe-77d9-0310-91a1-e0d9ade77398
This commit is contained in:
helmutm
parent
1b83483e3f
commit
53810c1a19
5 changed files with 29 additions and 25 deletions
|
|
@ -12,7 +12,7 @@
|
||||||
for="loops.interfaces.ILoopsObject"
|
for="loops.interfaces.ILoopsObject"
|
||||||
class="loops.browser.flash.flash.FlashView"
|
class="loops.browser.flash.flash.FlashView"
|
||||||
template="flash.pt"
|
template="flash.pt"
|
||||||
permission="zope.ManageContent"
|
permission="loops.xmlrpc.ManageConcepts"
|
||||||
/>
|
/>
|
||||||
|
|
||||||
<resource name="loops.swf" file="loops.swf" />
|
<resource name="loops.swf" file="loops.swf" />
|
||||||
|
|
|
||||||
|
|
@ -7,6 +7,23 @@
|
||||||
|
|
||||||
<!-- security definitions -->
|
<!-- security definitions -->
|
||||||
|
|
||||||
|
<permission
|
||||||
|
id="loops.xmlrpc.ManageConcepts"
|
||||||
|
title="[xmlrpc-manage-concepts-permission] Manage Concepts"
|
||||||
|
/>
|
||||||
|
|
||||||
|
<role
|
||||||
|
id="loops.xmlrpc.ConceptManager"
|
||||||
|
title="[xmlrpc-manage-concepts-role] loops: Concept Manager (XML-RPC)" />
|
||||||
|
|
||||||
|
<grant
|
||||||
|
permission="loops.xmlrpc.ManageConcepts"
|
||||||
|
role="loops.xmlrpc.ConceptManager" />
|
||||||
|
|
||||||
|
<!--<zope:grant
|
||||||
|
permission="loops.xmlrpc.ManageConcepts"
|
||||||
|
role="zope.ContentManager" />-->
|
||||||
|
|
||||||
<!-- event subscribers -->
|
<!-- event subscribers -->
|
||||||
|
|
||||||
<subscriber
|
<subscriber
|
||||||
|
|
|
||||||
|
|
@ -65,8 +65,8 @@ domain concept (if present, otherwise the top-level type concept):
|
||||||
>>> xrf = LoopsMethods(loopsRoot, TestRequest())
|
>>> xrf = LoopsMethods(loopsRoot, TestRequest())
|
||||||
>>> startObj = xrf.getStartObject()
|
>>> startObj = xrf.getStartObject()
|
||||||
>>> sorted(startObj.keys())
|
>>> sorted(startObj.keys())
|
||||||
['children', 'description', 'id', 'name', 'options', 'parents', 'resources',
|
['children', 'description', 'id', 'name', 'parents', 'resources',
|
||||||
'title', 'type', 'typeInterface', 'viewName']
|
'title', 'type', 'viewName']
|
||||||
>>> startObj['id'], startObj['name'], startObj['title'], startObj['type']
|
>>> startObj['id'], startObj['name'], startObj['title'], startObj['type']
|
||||||
('1', u'domain', u'Domain', '0')
|
('1', u'domain', u'Domain', '0')
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -28,6 +28,7 @@ from zope.lifecycleevent import ObjectCreatedEvent, ObjectModifiedEvent
|
||||||
from zope.app.publisher.xmlrpc import XMLRPCView
|
from zope.app.publisher.xmlrpc import XMLRPCView
|
||||||
from zope.app.publisher.xmlrpc import MethodPublisher
|
from zope.app.publisher.xmlrpc import MethodPublisher
|
||||||
from zope.traversing.api import getName
|
from zope.traversing.api import getName
|
||||||
|
from zope.schema.interfaces import ITextLine
|
||||||
from zope.security.proxy import removeSecurityProxy
|
from zope.security.proxy import removeSecurityProxy
|
||||||
from zope.cachedescriptors.property import Lazy
|
from zope.cachedescriptors.property import Lazy
|
||||||
|
|
||||||
|
|
@ -134,6 +135,7 @@ class LoopsMethods(MethodPublisher):
|
||||||
ti = IType(obj).typeInterface
|
ti = IType(obj).typeInterface
|
||||||
if ti is not None:
|
if ti is not None:
|
||||||
obj = ti(obj)
|
obj = ti(obj)
|
||||||
|
# TODO: provide conversion if necessary
|
||||||
setattr(obj, attr, toUnicode(value))
|
setattr(obj, attr, toUnicode(value))
|
||||||
notify(ObjectModifiedEvent(obj))
|
notify(ObjectModifiedEvent(obj))
|
||||||
return 'OK'
|
return 'OK'
|
||||||
|
|
@ -147,15 +149,17 @@ def objectAsDict(obj):
|
||||||
ti = objType.typeInterface
|
ti = objType.typeInterface
|
||||||
if ti is not None:
|
if ti is not None:
|
||||||
adapter = ti(obj)
|
adapter = ti(obj)
|
||||||
for attr in (list(adapter._adapterAttributes) + list(ti)):
|
#for attr in (list(adapter._adapterAttributes) + list(ti)):
|
||||||
|
for attr in list(ti):
|
||||||
if attr not in ('__parent__', 'context', 'id', 'name',
|
if attr not in ('__parent__', 'context', 'id', 'name',
|
||||||
'title', 'description', 'type', 'data'):
|
'title', 'description', 'type', 'data'):
|
||||||
value = getattr(adapter, attr)
|
value = getattr(adapter, attr)
|
||||||
# TODO: better selection and conversion
|
# TODO: provide conversion and schema information
|
||||||
if value is None or type(value) in (str, unicode):
|
#if value is None or type(value) in (str, unicode):
|
||||||
|
if ITextLine.providedBy(ti[attr]):
|
||||||
mapping[attr] = value or u''
|
mapping[attr] = value or u''
|
||||||
elif type(value) is list:
|
#elif type(value) is list:
|
||||||
mapping[attr] = ' | '.join(value)
|
# mapping[attr] = ' | '.join(value)
|
||||||
return mapping
|
return mapping
|
||||||
|
|
||||||
def formatRelations(rels, useSecond=True):
|
def formatRelations(rels, useSecond=True):
|
||||||
|
|
|
||||||
|
|
@ -5,23 +5,6 @@
|
||||||
xmlns="http://namespaces.zope.org/xmlrpc"
|
xmlns="http://namespaces.zope.org/xmlrpc"
|
||||||
i18n_domain="zope">
|
i18n_domain="zope">
|
||||||
|
|
||||||
<zope:permission
|
|
||||||
id="loops.xmlrpc.ManageConcepts"
|
|
||||||
title="[xmlrpc-manage-concepts-permission] Manage Concepts"
|
|
||||||
/>
|
|
||||||
|
|
||||||
<zope:role
|
|
||||||
id="loops.xmlrpc.ConceptManager"
|
|
||||||
title="[xmlrpc-manage-concepts-role] loops: Concept Manager (XML-RPC)" />
|
|
||||||
|
|
||||||
<zope:grant
|
|
||||||
permission="loops.xmlrpc.ManageConcepts"
|
|
||||||
role="loops.xmlrpc.ConceptManager" />
|
|
||||||
|
|
||||||
<!--<zope:grant
|
|
||||||
permission="loops.xmlrpc.ManageConcepts"
|
|
||||||
role="zope.ContentManager" />-->
|
|
||||||
|
|
||||||
<view
|
<view
|
||||||
name="xrf"
|
name="xrf"
|
||||||
for="loops.interfaces.ILoops"
|
for="loops.interfaces.ILoops"
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue