修改 DublinCore 元数据和 Plone 4 的读取权限
我使用 Dexterity 创建了一个自定义内容类型,效果很好。该内容应该是可见的,但其创建者对非特权成员隐藏。
显然,我可以通过从模板中删除文档署名来实现此目的,但如果我作为普通成员将“/Creator”附加到内容中,我仍然可以看到创建者。
当然,我可以通过重写 Products.CMFDefault.DublinCore.DefaultDublinCoreImpl.Creator() 并引入额外的检查来解决这个问题,但它很脏且无法维护。
在 Dexterity 的背景下(如果适用),有选择地向非特权用户隐藏内容 DublinCore 元数据的最佳方法是什么?
I have created a custom content-type using Dexterity that works fine. This content should be viewable but its creator kept hidden from unpriviledged members.
I can obviously accomplish this by removing the document-byline from the template, but if I append, as a normal member, '/Creator' to the content I can still see the creator.
I can solve this by overriding Products.CMFDefault.DublinCore.DefaultDublinCoreImpl.Creator() and introducing an additional check, of course, but it's dirty and unmaintainable.
What's the best approach to selectively hide content DublinCore metadata from unpriviledged users, in the context of Dexterity (if applicable)?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
另一个解决方案是为此上下文重新定义 Zope 安全性:
这重新定义了 dexterity.Item 的“Creator”方法的安全性,因此
只有具有 ManagePortal 权限的用户才能访问此内容
信息。
然而,ajung 指出,这可能会破坏任何对 Creator 方法做出假设但没有找到它、没有所需权限的代码。它还删除了该方法之前的所有安全声明。
还有其他想法吗?
Another solution is to redefine Zope security for this context:
This redefines security for the 'Creator' method of dexterity.Item so
that only users with the ManagePortal permission can access this
information.
However, ajung notes that this might break any code that makes assumptions about the Creator method and doesn't find it, not having the required permission. It also removes all the previous security declarations for this method.
Any other ideas?