What is “view_permission” on portlet/configure.zcml for?
https://stackoverflow.com/questions/7262140
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
In <browser:page /> on Plone, I have a permission attribute. I can add a custom permission in there and have better security when the browser view is rendered.
<browser:page
for="*"
name="my_view"
class=".myview.MyView"
allowed_interface=".myview.IMyView"
permission="my.permission"
/>
Just adding the permission attribute it works: trying to do @@my_view, it asks for login.
Now, let's go to the portlets: portlets have a view_permission, that I thought it would do the same, or at least just wouldn't render the portlet if the user didn't have the permission - but none of these situations happen. The portlet is rendered, ignoring the view_permission, thus I still need to use the available portlet property to accomplish what I want (It seems I'm not the only one doing this approach).
So, what view_permission is for? I can't find the docs for it. It seems I would be able to use it like permission like browser views, but it seems I can't...
Solution
the purpose of view_permission is to restrict the portlet to users with a specific permission...as it says here:
http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metadirectives.py
here you can find an example:
edit: unfortunately I have to amend my answer...the purpose of view_permission should be to restrict the portlet to users with a specific permission. But it's not yet honored, as you can see here:
- http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/browser/templates/column.pt
- http://svn.plone.org/svn/plone/plone.app.portlets/trunk/plone/app/portlets/metaconfigure.py
(Thanks to the comment of Ulrich Schwarz that pushed me to double check.)
