[Product-Developers]How to control one filed's security of a content type via zcml

柯铁军 mujinjun at ysu.edu.cn
Fri May 22 09:27:54 UTC 2009


Hi,
 
  I'd like to let anonymous add a new content type MyGuestBookEntry except one filed Reply which should be set by someone such as site's manager. The content type was developed with interfaces and archetypes framework.
  At first, I planned to use <require /> directive in content/configure.zcml such as:
<class class=".MyGuestBookEntry.MyGuestBookEngry">
    <require
        permission="zope2.Public"
        interface="..interfaces.IMySqlGuestbookEntry"
        />
	<require
        permission="zope2.Public"
        set_schema="..interfaces.IMySqlGuestbookEntry"
        />
	<require
        permission="cmf.ModifyPortalContent"
        attributes="reply"
        />
</class>
But I don't know how to control the security via zcml in detail. I found <require /> directive has set_attributes in zope3 but not in Plone 3. 
I thought if I gave the anonymous the authority to add the content type and claimed to protect the attribute reply, Plone could handle it intelligently. But in fact what I got was the error because of my messed-up configuration.
Then I planned to customize the content type's add form which could be auto-generated by archetypes. But I didn't konw how to do it.
I wish there be some sample codes to control the security with zcml or customize the archetype's add form.





More information about the Product-Developers mailing list