什么是“view_permission”？在 portlet/configure.zcml 上？

发布于 2024-12-02 11:50:20 字数 1122 浏览 2 评论 0 原文

在 Plone 上的中，我有一个 permission 属性。我可以在其中添加自定义权限，并在呈现浏览器视图时获得更好的安全性。

  <browser:page
      for="*"
      name="my_view"
      class=".myview.MyView"
      allowed_interface=".myview.IMyView"
      permission="my.permission"
      />

只需添加 permission 属性就可以了：尝试执行 @@my_view 时，它会要求登录。

现在，让我们看看 portlet：portlet 有一个 view_permission，我认为它是也会做同样的事情，或者至少在用户没有权限的情况下不会呈现 portlet - 但这些情况都不会发生。 portlet 已渲染，忽略 view_permission，因此我仍然需要使用可用的 portlet 属性来完成我想要的（看来我不是唯一的正在做这种方法）。

那么，view_permission 的用途是什么？我找不到它的文档。看来我可以像浏览器视图一样使用它，但似乎我不能......

原文

In <browser:page /> on Plone, I have a permission attribute. I can add a custom permission in there and have better security when the browser view is rendered.

  <browser:page
      for="*"
      name="my_view"
      class=".myview.MyView"
      allowed_interface=".myview.IMyView"
      permission="my.permission"
      />

Just adding the permission attribute it works: trying to do @@my_view, it asks for login.

Now, let's go to the portlets: portlets have a view_permission, that I thought it would do the same, or at least just wouldn't render the portlet if the user didn't have the permission - but none of these situations happen. The portlet is rendered, ignoring the view_permission, thus I still need to use the available portlet property to accomplish what I want (It seems I'm not the only one doing this approach).

So, what view_permission is for? I can't find the docs for it. It seems I would be able to use it like permission like browser views, but it seems I can't...