Question

I have a Dexterity-based container that holds a Dexterity-based item inside. I need to let Anonymous users add objects of this type inside the container.

I already created a rolemap.xml file with the following:

<?xml version="1.0"?>
<rolemap>
  <permissions>
    <permission name="my.package: Add My Type" acquire="True">
      <role name="Anonymous"/>
    </permission>
  </permissions>
</rolemap>

I declared the permission in configure.zcml:

<permission
    id="my.package.AddMyType"
    title="my.package: Add My Type"
    />

And finally I added a custom add view like this one:

class MyAddView(dexterity.AddForm):
    grok.name('MyType')
    grok.require('my.package.AddMyType')

The form is already showing up for anonymous users but, when I press the save button, I'm redirected to the login form.

Also, logged-in users are able to see the form, and this is not supposed to happen.

What else do I have to do?


Solution

Thanks to David Glick, who guided me, I ended up with a very simple solution involving the add method of the AddForm class:

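from AccessControl import Unauthorized
from Acquisition import aq_inner
from five import grok
from plone.dexterity.utils import addContentToContainer
from plone.directives import dexterity
from Products.CMFCore.utils import getToolByName


class MyAddView(dexterity.AddForm):
    grok.name('MyType')
    grok.require('my.package.AddMyType')

    def update(self):
        # check here if the user is anonymous and raise exception if not
        membership = getToolByName(self.context, 'portal_membership')
        if not membership.isAnonymousUser():
            raise Unauthorized('Only anonymous users may add this type')
        super(MyAddView, self).update()

    def add(self, object):
        # checkConstraints=False skips the container's add checks
        container = aq_inner(self.context)
        addContentToContainer(container, object, checkConstraints=False)
        self.immediate_view = container.absolute_url()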

To understand it better, you may want to take a look at the original code in plone.dexterity.

One important thing to note is that you probably need to fix your workflow permissions to remove the Owner role from some of them, or you could end up with content editable by anonymous users too.
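
The workflow cleanup mentioned at the end of the answer can be checked mechanically. The following is an added example, not code from the original post or from Plone: it scans a GenericSetup workflow export (definition.xml) for states that still grant write permissions to Owner or Anonymous, or acquire them from the container. The sample XML, the workflow and state ids, and the set of watched permissions are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample of a workflow definition.xml; ids and role
# assignments are made up for illustration.
SAMPLE_DEFINITION = """<?xml version="1.0"?>
<dc-workflow workflow_id="my_type_workflow" initial_state="submitted">
  <permission>Modify portal content</permission>
  <state state_id="submitted" title="Submitted">
    <permission-map name="View" acquired="False">
      <permission-role>Owner</permission-role>
    </permission-map>
    <permission-map name="Modify portal content" acquired="False">
      <permission-role>Manager</permission-role>
      <permission-role>Owner</permission-role>
    </permission-map>
  </state>
  <state state_id="reviewed" title="Reviewed">
    <permission-map name="Modify portal content" acquired="True">
      <permission-role>Manager</permission-role>
    </permission-map>
  </state>
</dc-workflow>
"""

# Assumption: the write permissions worth auditing for this content type.
WATCHED_PERMISSIONS = {"Modify portal content", "Delete objects"}
# Roles the answer warns about for anonymously created content.
RISKY_ROLES = {"Owner", "Anonymous"}


def audit_workflow(definition_xml):
    """Return (state_id, permission, reason) tuples that need review."""
    findings = []
    for state in ET.fromstring(definition_xml).findall("state"):
        for pmap in state.findall("permission-map"):
            permission = pmap.get("name")
            if permission not in WATCHED_PERMISSIONS:
                continue
            roles = {r.text.strip() for r in pmap.findall("permission-role") if r.text}
            for role in sorted(roles & RISKY_ROLES):
                findings.append((state.get("state_id"), permission, "granted to " + role))
            # acquired="True" means the container's role settings also apply here.
            if pmap.get("acquired", "False").lower() == "true":
                findings.append((state.get("state_id"), permission, "acquired from container"))
    return findings


if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_DEFINITION):
        print("%s: %s %s" % finding)
```

An empty result means no watched permission is mapped to Owner or Anonymous in any state and none is acquired from the container.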

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow