getNotAddableTypes not usable any longer?

classic Classic list List threaded Threaded
5 messages Options
llcolombo llcolombo
Reply | Threaded
Open this post in threaded view
|

getNotAddableTypes not usable any longer?

Hi all
I have recently migrated to Plone 3.3.4 (directly from Plone 3.1.2).
I found out that permissions triggers for running invokeFactory have
changed. That's fine of course, but I am experiencing an odd behaviour. I
defined a group of users which have limited capabilities for adding content,
ie they can add only certain portal_types. Previously, I bound such
portal_types to a specific workflow where such users had the "Modify portal
content" permission, and everything was working. Now, as InvokeFactory needs
the "Add portal content" permission, I need to grant them with such
permission in the areas where they can add such content. I defined some
local policies to do this.
The problem which is left is that, in some areas where these users would
actually not be allowed to add whatever content, the content menu does show
some addable types. If these users try to add one of the types, however,
they are prompted by the unhauthorized message, but I cannot prevent the
list of addable types from showing.
Therefore I thought of using the getNotAddableTypes script, customizing it
accordingly:
# customize this script to filter addable portal types based on
# context, the current user or other criteria
from AccessControl import getSecurityManager

notAddableTypes = ['Favorite']
types = context.allowedContentTypes()
if not getSecurityManager().checkPermission('Add portal content', context):
    for t in types:
        notAddableTypes.append(t.getId())

return notAddableTypes

The script works fine, if I run it in the various areas it behaves as I
would expect. But I guess that script is not taken into account any longer,
as I still see the menu for fast adding content.

How shall I workaround this?

thanks&bye
Lucia



------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Vincent Fretin Vincent Fretin
Reply | Threaded
Open this post in threaded view
|

Re: getNotAddableTypes not usable any longer?

Hi,

It may be an interest for you. I have a custom folderish Workspace
content type and I added the following method:

    def getDefaultAddableTypes(self, context=None):
        """A user can only create a EnterpriseList if he has both
EnterpriseData Reader role and
        the right to write to the workspace. The Add menu generation
uses getDefaultAddableTypes
        but it checks only the Add permissions, not the 'Modify portal
content' on the container.
        So you see the EntrepriseList in the list of addable content
types but you have an error
        when you try to create it.
        (Only EnterpriseData Reader have the 'Add EnterpriseList'.)
        """
        if context is None:
            context = self
        addable_types = ATFolder.getDefaultAddableTypes(self, context)
        site = getUtility(ISiteRoot)
        user = site.portal_membership.getAuthenticatedMember()
        if user and not user.checkPermission('Modify portal content', context):
            return [fti for fti in addable_types if fti.getId() !=
'EnterpriseList']
        return addable_types

Vincent Fretin
Ecreall
Site : http://vincentfretin.ecreall.com



On Tue, Feb 2, 2010 at 11:26 PM, Lucia Colombo <[hidden email]> wrote:

> Hi all
> I have recently migrated to Plone 3.3.4 (directly from Plone 3.1.2).
> I found out that permissions triggers for running invokeFactory have
> changed. That's fine of course, but I am experiencing an odd behaviour. I
> defined a group of users which have limited capabilities for adding content,
> ie they can add only certain portal_types. Previously, I bound such
> portal_types to a specific workflow where such users had the "Modify portal
> content" permission, and everything was working. Now, as InvokeFactory needs
> the "Add portal content" permission, I need to grant them with such
> permission in the areas where they can add such content. I defined some
> local policies to do this.
> The problem which is left is that, in some areas where these users would
> actually not be allowed to add whatever content, the content menu does show
> some addable types. If these users try to add one of the types, however,
> they are prompted by the unhauthorized message, but I cannot prevent the
> list of addable types from showing.
> Therefore I thought of using the getNotAddableTypes script, customizing it
> accordingly:
> # customize this script to filter addable portal types based on
> # context, the current user or other criteria
> from AccessControl import getSecurityManager
>
> notAddableTypes = ['Favorite']
> types = context.allowedContentTypes()
> if not getSecurityManager().checkPermission('Add portal content', context):
>    for t in types:
>        notAddableTypes.append(t.getId())
>
> return notAddableTypes
>
> The script works fine, if I run it in the various areas it behaves as I
> would expect. But I guess that script is not taken into account any longer,
> as I still see the menu for fast adding content.
>
> How shall I workaround this?
>
> thanks&bye
> Lucia
>
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Plone-Users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-users
>

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
llcolombo llcolombo
Reply | Threaded
Open this post in threaded view
|

Re: getNotAddableTypes not usable any longer?

Thanks, but my problem is on standard folders... I would not like, really, to change all the folders in the site to be custom ones, the site has been in production already for years :-(

I am really wondering how comes that it looks like the getNotAddableTypes is not triggered any longer, unless I have missed something or did something stupid :-(

bye
Lucia

On mer, 2010-02-03 at 11:20 +0100, Vincent Fretin wrote:
Hi,

It may be an interest for you. I have a custom folderish Workspace
content type and I added the following method:

    def getDefaultAddableTypes(self, context=None):
        """A user can only create a EnterpriseList if he has both
EnterpriseData Reader role and
        the right to write to the workspace. The Add menu generation
uses getDefaultAddableTypes
        but it checks only the Add permissions, not the 'Modify portal
content' on the container.
        So you see the EntrepriseList in the list of addable content
types but you have an error
        when you try to create it.
        (Only EnterpriseData Reader have the 'Add EnterpriseList'.)
        """
        if context is None:
            context = self
        addable_types = ATFolder.getDefaultAddableTypes(self, context)
        site = getUtility(ISiteRoot)
        user = site.portal_membership.getAuthenticatedMember()
        if user and not user.checkPermission('Modify portal content', context):
            return [fti for fti in addable_types if fti.getId() !=
'EnterpriseList']
        return addable_types

Vincent Fretin
Ecreall
Site : http://vincentfretin.ecreall.com



On Tue, Feb 2, 2010 at 11:26 PM, Lucia Colombo <[hidden email]> wrote:
> Hi all
> I have recently migrated to Plone 3.3.4 (directly from Plone 3.1.2).
> I found out that permissions triggers for running invokeFactory have
> changed. That's fine of course, but I am experiencing an odd behaviour. I
> defined a group of users which have limited capabilities for adding content,
> ie they can add only certain portal_types. Previously, I bound such
> portal_types to a specific workflow where such users had the "Modify portal
> content" permission, and everything was working. Now, as InvokeFactory needs
> the "Add portal content" permission, I need to grant them with such
> permission in the areas where they can add such content. I defined some
> local policies to do this.
> The problem which is left is that, in some areas where these users would
> actually not be allowed to add whatever content, the content menu does show
> some addable types. If these users try to add one of the types, however,
> they are prompted by the unhauthorized message, but I cannot prevent the
> list of addable types from showing.
> Therefore I thought of using the getNotAddableTypes script, customizing it
> accordingly:
> # customize this script to filter addable portal types based on
> # context, the current user or other criteria
> from AccessControl import getSecurityManager
>
> notAddableTypes = ['Favorite']
> types = context.allowedContentTypes()
> if not getSecurityManager().checkPermission('Add portal content', context):
>    for t in types:
>        notAddableTypes.append(t.getId())
>
> return notAddableTypes
>
> The script works fine, if I run it in the various areas it behaves as I
> would expect. But I guess that script is not taken into account any longer,
> as I still see the menu for fast adding content.
>
> How shall I workaround this?
>
> thanks&bye
> Lucia
>
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Plone-Users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-users
>

Lucia Colombo
mobile: +39-347-4448729
email: [hidden email]
          [hidden email]

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
llcolombo llcolombo
Reply | Threaded
Open this post in threaded view
|

Re: getNotAddableTypes not usable any longer?

In reply to this post by Vincent Fretin
I am actually experiencing that the getNotAddableTypes  script is triggered in the site root, where the addable types actually disappear for the users which are not allowed to add content. But in folders it does not work.

Anybody has a clue please?

Bye
Lucia


On mer, 2010-02-03 at 11:20 +0100, Vincent Fretin wrote:
Hi,

It may be an interest for you. I have a custom folderish Workspace
content type and I added the following method:

    def getDefaultAddableTypes(self, context=None):
        """A user can only create a EnterpriseList if he has both
EnterpriseData Reader role and
        the right to write to the workspace. The Add menu generation
uses getDefaultAddableTypes
        but it checks only the Add permissions, not the 'Modify portal
content' on the container.
        So you see the EntrepriseList in the list of addable content
types but you have an error
        when you try to create it.
        (Only EnterpriseData Reader have the 'Add EnterpriseList'.)
        """
        if context is None:
            context = self
        addable_types = ATFolder.getDefaultAddableTypes(self, context)
        site = getUtility(ISiteRoot)
        user = site.portal_membership.getAuthenticatedMember()
        if user and not user.checkPermission('Modify portal content', context):
            return [fti for fti in addable_types if fti.getId() !=
'EnterpriseList']
        return addable_types

Vincent Fretin
Ecreall
Site : http://vincentfretin.ecreall.com



On Tue, Feb 2, 2010 at 11:26 PM, Lucia Colombo <[hidden email]> wrote:
> Hi all
> I have recently migrated to Plone 3.3.4 (directly from Plone 3.1.2).
> I found out that permissions triggers for running invokeFactory have
> changed. That's fine of course, but I am experiencing an odd behaviour. I
> defined a group of users which have limited capabilities for adding content,
> ie they can add only certain portal_types. Previously, I bound such
> portal_types to a specific workflow where such users had the "Modify portal
> content" permission, and everything was working. Now, as InvokeFactory needs
> the "Add portal content" permission, I need to grant them with such
> permission in the areas where they can add such content. I defined some
> local policies to do this.
> The problem which is left is that, in some areas where these users would
> actually not be allowed to add whatever content, the content menu does show
> some addable types. If these users try to add one of the types, however,
> they are prompted by the unhauthorized message, but I cannot prevent the
> list of addable types from showing.
> Therefore I thought of using the getNotAddableTypes script, customizing it
> accordingly:
> # customize this script to filter addable portal types based on
> # context, the current user or other criteria
> from AccessControl import getSecurityManager
>
> notAddableTypes = ['Favorite']
> types = context.allowedContentTypes()
> if not getSecurityManager().checkPermission('Add portal content', context):
>    for t in types:
>        notAddableTypes.append(t.getId())
>
> return notAddableTypes
>
> The script works fine, if I run it in the various areas it behaves as I
> would expect. But I guess that script is not taken into account any longer,
> as I still see the menu for fast adding content.
>
> How shall I workaround this?
>
> thanks&bye
> Lucia
>
>
>
> ------------------------------------------------------------------------------
> The Planet: dedicated and managed hosting, cloud storage, colocation
> Stay online with enterprise data centers and the best network in the business
> Choose flexible plans and management services without long-term contracts
> Personal 24x7 support from experience hosting pros just a phone call away.
> http://p.sf.net/sfu/theplanet-com
> _______________________________________________
> Plone-Users mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/plone-users
>

Lucia Colombo
mobile: +39-347-4448729
email: [hidden email]
          [hidden email]

------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users
Raphael Ritz Raphael Ritz
Reply | Threaded
Open this post in threaded view
|

Re: getNotAddableTypes not usable any longer?

llcolombo wrote:
> I am actually experiencing that the getNotAddableTypes  script is
> triggered in the site root, where the addable types actually disappear
> for the users which are not allowed to add content. But in folders it
> does not work.

Smells like a bug to me.

Please file a ticket so it can be addressed and
followed up on.

Raphael



>
> Anybody has a clue please?
>
> Bye
> Lucia


------------------------------------------------------------------------------
The Planet: dedicated and managed hosting, cloud storage, colocation
Stay online with enterprise data centers and the best network in the business
Choose flexible plans and management services without long-term contracts
Personal 24x7 support from experience hosting pros just a phone call away.
http://p.sf.net/sfu/theplanet-com
_______________________________________________
Plone-Users mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/plone-users