允许具有覆盖权限的用户AT字段验证失败
项目描述
对于某些网站,允许某些用户(如网站管理员)在不满足字段验证的情况下编辑内容可能很有用。例如,一个用于捕获成员联系信息的网站内容类型,对于大多数联系信息字段使用必填字段。然而,在罕见的情况下,例如在一般列表中,可能需要联系信息对象,但完整的联系信息可能不可用,例如成员外出时。
collective.validationoverride软件包提供了对Archetypes字段验证方法的修补,以便在记录字段验证失败但验证状态仍然成功的情况下。具体来说,检查了权限,如果当前用户在对象上下文中具有该权限,则记录验证错误并将其从验证错误列表中删除,允许成功验证状态。
要检查的权限来自“validation_override_permission”字段属性,默认为“覆盖验证”权限。因此,通过将“覆盖验证”权限分配给所需上下文中的适当角色,可以覆盖字段验证而无需修改内容类型。默认情况下,“Manager”角色具有此权限。
示例
安装collective.validationoverride之前,必须满足字段验证。
捕获日志输出。
>>> from zope.testing.loggingsupport import InstalledHandler
>>> log_handler = InstalledHandler('collective.validationoverride')
打开浏览器,以“管理员”角色用户登录。
>>> from Products.Five.testbrowser import Browser
>>> from Products.PloneTestCase import ptc
>>> owner_browser = Browser()
>>> owner_browser.handleErrors = False
>>> owner_browser.open(portal.absolute_url())
>>> owner_browser.getLink('Log in').click()
>>> owner_browser.getControl(
... 'Login Name').value = ptc.portal_owner
>>> owner_browser.getControl(
... 'Password').value = ptc.default_password
>>> owner_browser.getControl('Log in').click()
添加一个事件,尝试不填写有效字段值保存。验证失败,并报告了必填字段。
>>> owner_browser.getLink(url='Event').click()
>>> owner_browser.getControl('Event URL').value = 'foo'
>>> owner_browser.getControl('Contact E-mail').value = 'bar'
>>> owner_browser.getControl('Save').click()
>>> print owner_browser.contents
<...
<dd>Please correct the indicated errors.</dd>...
<div class="fieldErrorBox">Title is required, please correct.</div>...
<div class="fieldErrorBox">Validation failed(isURL): 'foo' is not a valid url.</div>...
<div class="fieldErrorBox">Validation failed(isEmail): 'bar' is not a valid email address.</div>...
没有记录验证错误。
>>> for record in log_handler.records: ... print record.getMessage()
安装collective.validationoverride后,对于具有“管理员”角色的用户,将忽略字段验证失败,而对于普通用户则不会,因为“覆盖验证”权限只授予具有“管理员”角色的用户。
安装collective.validationoverride包。
>>> portal.portal_quickinstaller.installProduct( ... 'collective.validationoverride') ''
现在具有“管理员”角色的用户可以成功添加一个具有无效字段值的事件。
>>> owner_browser.open(portal.absolute_url())
>>> owner_browser.getLink(url='Event').click()
>>> owner_browser.getControl('Event URL').value = 'foo'
>>> owner_browser.getControl('Contact E-mail').value = 'bar'
>>> owner_browser.getControl('Save').click()
>>> print owner_browser.contents
<...
<dd>Changes saved.</dd>...
<a href="mailto:bar" class="email fn">bar</a>...
<a class="url" href="foo"...
所有忽略的验证错误都已记录。
>>> for record in log_handler.records:
... print record.getMessage()
Overriding the validation result u'Title is required, please correct.' on <ATEvent at /plone/portal_factory/Event/event... used for /plone>:
{'title': u'Title is required, please correct.'}
Overriding the validation result u"Validation failed(isURL): 'foo' is not a valid url." on <ATEvent at /plone/portal_factory/Event/event... used for /plone>:
{}
Overriding the validation result u"Validation failed(isEmail): 'bar' is not a valid email address." on <ATEvent at /plone/portal_factory/Event/event... used for /plone>:
{}...
>>> log_handler.clear()
打开浏览器,以普通用户登录。
>>> browser = Browser()
>>> browser.handleErrors = False
>>> browser.open(portal.absolute_url())
>>> browser.getLink('Log in').click()
>>> browser.getControl('Login Name').value = ptc.default_user
>>> browser.getControl(
... 'Password').value = ptc.default_password
>>> browser.getControl('Log in').click()
普通用户仍然无法添加一个具有无效字段值的事件。
>>> browser.open(self.folder.absolute_url())
>>> browser.getLink(url='Event').click()
>>> browser.getControl('Event URL').value = 'foo'
>>> browser.getControl('Contact E-mail').value = 'bar'
>>> browser.getControl('Save').click()
>>> print browser.contents
<...
<dd>Please correct the indicated errors.</dd>...
<div class="fieldErrorBox">Title is required, please correct.</div>...
<div class="fieldErrorBox">Validation failed(isURL): 'foo' is not a valid url.</div>...
<div class="fieldErrorBox">Validation failed(isEmail): 'bar' is not a valid email address.</div>...
没有记录验证错误。
>>> for record in log_handler.records: ... print record.getMessage()
将“validation_override_permission”字段属性设置为普通用户拥有的权限。
>>> from Products.ATContentTypes.content import event >>> schema = event.ATEvent.schema >>> schema['title'].validation_override_permission = ( ... "Modify portal content") >>> schema['eventUrl'].validation_override_permission = ( ... "Modify portal content") >>> schema['contactEmail'].validation_override_permission = ( ... "Modify portal content")
现在用户可以成功添加一个具有无效字段值的事件。
>>> browser.open(self.folder.absolute_url())
>>> browser.getLink(url='Event').click()
>>> browser.getControl('Event URL').value = 'foo'
>>> browser.getControl('Contact E-mail').value = 'bar'
>>> browser.getControl('Save').click()
>>> print browser.contents
<...
<dd>Changes saved.</dd>...
<a href="mailto:bar" class="email fn">bar</a>...
<a class="url" href="foo"...
所有忽略的验证错误都已记录。
>>> for record in log_handler.records:
... print record.getMessage()
Overriding the validation result u'Title is required, please correct.' on <ATEvent at /plone/Members/test_user_1_/portal_factory/Event/event... used for /plone/Members/test_user_1_>:
{'title': u'Title is required, please correct.'}
Overriding the validation result u"Validation failed(isURL): 'foo' is not a valid url." on <ATEvent at /plone/Members/test_user_1_/portal_factory/Event/event... used for /plone/Members/test_user_1_>:
{}
Overriding the validation result u"Validation failed(isEmail): 'bar' is not a valid email address." on <ATEvent at /plone/Members/test_user_1_/portal_factory/Event/event... used for /plone/Members/test_user_1_>:
{}...
>>> log_handler.clear()
变更日志
0.1 - 2009-11-12
初始发布
待办事项
关闭
collective.validationoverride-0.1.tar.gz的哈希值
| 算法 | 哈希摘要 | |
|---|---|---|
| SHA256 | e9c447f0ca0c8c93fafd59e672d2af5de0159bb87f3ac528493dcb0209a330b2 |
|
| MD5 | 28edb9891fe4e6e234aa8c8204980976 |
|
| BLAKE2b-256 | 84f6b6bfe01a0523de5c0d7fd9c00beab7f8f8a70ed74a2a57af92277886626d |