I have a Dexterity-based container that holds inside a Dexterity-based item. I need to let Anonymous users to add objects of this type inside the container.
I already created a rolemap.xml
file with the following:
<?xml version="1.0"?>
<rolemap>
<permissions>
<permission name="my.package: Add My Type" acquire="True">
<role name="Anonymous"/>
</permission>
</permissions>
</rolemap>
I declared the permission on configure.zcml
:
<permission
id="my.package.AddMyType"
title="my.package: Add My Type"
/>
and finally I added a custom add view like this one:
class MyAddView(dexterity.AddForm):
grok.name('MyType')
grok.require('my.package.AddMyType')
the form is already showing up for anonymous users but, when I press the save button I'm redirected to the login form.
also, logged in users are also able to see the form and this is supposed not to be happening.
what else I have to do?
thanks to David Glick, who guided me, I ended up with a very simple solution involving the add
method of the AddForm
class:
class MyAddView(dexterity.AddForm):
grok.name('MyType')
grok.require('my.package.AddMyType')
def update(self):
# check here if the user is anonymous and raise exception if not
super(AddView, self).update()
def add(self, object):
container = aq_inner(self.context)
addContentToContainer(container, object, checkConstraints=False)
self.immediate_view = container.absolute_url()
to understand it better, you may want to take a look at the original code in plone.dexterity.
one important thing you may also note is that you probably need to fix your workflow permissions to remove Owner role from some of them, or you could end with content editable by anonymous users also.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With