[prev in list] [next in list] [prev in thread] [next in thread]
List: zope-dev
Subject: Re: [Zope-dev] local grants for z3c.rest not working.
From: "Jayarajan Jn" <jayarajan () musmo ! com>
Date: 2008-12-11 7:28:39
Message-ID: acfe89a90812102316k3efc73c5gc5413f8161be5d92 () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Also, i have a PAU registered. Still it seems like the PAU is not being
contacted for authenticating REST requests. I can Authenticate the
principals in principal.zcml only.
rgds,
Jayarajan J N (IRC nick - jayaraj)
On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <jayarajan@musmo.com> wrote:
> Hi all,
>
> Recently i was looking for some zope3 based solutions for implementing
> RESTful public API. And i found z3c.rest. To begin with package I have
> installed it and enabled the the RESTviews for 'Folder' that is provided in
> the 'tests' sub-folder of z3c.rest. It works fine. Then i changed the
> Permission setting for GET view from 'zope.View' to 'zope.ManageContent'
> and i expected this would make the GET view of the Folder to be unavailable
> to the Public. But it was still possible for me to call the GET view with an
> 'unauthorised' request.
>
> Similarly, i changed the permission for POST/PUT from 'zope.ManageContent'
> to 'zope.Public' and still I had to get authenticated to access it.
>
> Can any one please tell me how can i use local grants with z3c.rest? I
> expected it to work the same way as other zope:views do. Please help me on
> this.
>
> I have installed the package available in the svn trunk. Zope3 setup is
> zope3.4.0c1 + python 2.5
> I have tested the GET view using both web browser and a python script.
>
> Following is the original configurations from z3c/rest/tests/folder.zcml
>
> ########################
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="GET"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.View"
> allowed_attributes="GET"
> />
>
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="POST"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="POST"
> />
>
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="PUT"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="PUT"
> />
> ##########################
>
> This is how i changed it
>
> ------------------------------------------------------------------
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="GET"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.ManageContent"
> allowed_attributes="GET"
> />
>
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="POST"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.Public"
> allowed_attributes="POST"
> />
>
> <view
> for="zope.app.folder.interfaces.IFolder"
> name="PUT"
> type="..interfaces.IRESTRequest"
> factory=".folder.FolderAPI"
> permission="zope.Public"
> allowed_attributes="PUT"
> />
> --------------------------------------------------------------------
>
> Thanks in advance.
>
> rgds,
> Jayarajan J N (IRC nick - jayaraj)
>
>
[Attachment #5 (text/html)]
Also, i have a PAU registered. Still it seems like the PAU is not being contacted for \
authenticating REST requests. I can Authenticate the principals in \
principal.zcml only. <br><br>rgds,<br>Jayarajan J N (IRC nick - jayaraj)<br> <br><div \
class="gmail_quote">On Thu, Dec 11, 2008 at 12:06 PM, Jayarajan Jn <span \
dir="ltr"><<a href="mailto:jayarajan@musmo.com">jayarajan@musmo.com</a>></span> \
wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, \
204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"> Hi all,<br><br>Recently i was \
looking for some zope3 based solutions for implementing RESTful public API. And i \
found z3c.rest. To begin with package I have installed it and enabled the the \
RESTviews for 'Folder' that is provided in the 'tests' sub-folder of \
z3c.rest. It works fine. Then i changed the Permission setting for GET view \
from 'zope.View' to 'zope.ManageContent' and i expected this would \
make the GET view of the Folder to be unavailable to the Public. But it was still \
possible for me to call the GET view with an 'unauthorised' request.<br>
<br>Similarly, i changed the permission for POST/PUT from \
'zope.ManageContent' to 'zope.Public' and still I had to get \
authenticated to access it.<br><br>Can any one please tell me how can i use local \
grants with z3c.rest? I expected it to work the same way as other zope:views do. \
Please help me on this.<br>
<br>I have installed the package available in the svn trunk. Zope3 setup is \
zope3.4.0c1 + python 2.5<br>I have tested the GET view using both web browser and a \
python script.<br><br>Following is the original configurations from \
z3c/rest/tests/folder.zcml<br>
<br>########################<br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br> \
name="GET"<br> \
type="..interfaces.IRESTRequest"<br> \
factory=".folder.FolderAPI"<br>
permission="zope.View"<br> \
allowed_attributes="GET"<br> \
/><br><br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br> \
name="POST"<br> \
type="..interfaces.IRESTRequest"<br>
factory=".folder.FolderAPI"<br> \
permission="zope.ManageContent"<br> \
allowed_attributes="POST"<br> \
/><br><br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br>
name="PUT"<br> \
type="..interfaces.IRESTRequest"<br> \
factory=".folder.FolderAPI"<br> \
permission="zope.ManageContent"<br> \
allowed_attributes="PUT"<br> /><br>
##########################<br><br>This is how i changed it \
<br><br>------------------------------------------------------------------<br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br> \
name="GET"<br>
type="..interfaces.IRESTRequest"<br> \
factory=".folder.FolderAPI"<br> \
permission="zope.ManageContent"<br> \
allowed_attributes="GET"<br> \
/><br><br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br>
name="POST"<br> \
type="..interfaces.IRESTRequest"<br> \
factory=".folder.FolderAPI"<br> \
permission="zope.Public"<br> \
allowed_attributes="POST"<br> /><br>
<br><view<br> \
for="zope.app.folder.interfaces.IFolder"<br> \
name="PUT"<br> \
type="..interfaces.IRESTRequest"<br> \
factory=".folder.FolderAPI"<br> \
permission="zope.Public"<br>
allowed_attributes="PUT"<br> \
/><br>--------------------------------------------------------------------<br><br>Thanks \
in advance.<br><br>rgds,<br>Jayarajan J N (IRC nick - jayaraj)<br><br> \
</blockquote></div><br>
_______________________________________________
Zope-Dev maillist - Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic