[英]how to register Plone view for a particular HTTP method type
I would like to be able to register Views in Plone only for a particular HTTP method type, eg. 我希望能够仅针对特定的HTTP方法类型在Plone中注册视图,例如。 for POST only, or only for particular
Accept:
header submitted by client. 仅用于POST,或仅用于客户端提交的特定
Accept:
标头。
I know it is not really possible to configure a View that way using regular ZCML configuration directives. 我知道使用常规ZCML配置指令以这种方式配置View是不可能的。
Are there other mechanisms that could be utilized for this purpose, short of writing a proxy view that delegates the request to other views per HTTP method and so on? 是否有其他机制可以用于此目的,除了编写代理视图,将请求委托给每个HTTP方法的其他视图等等?
For the "post only" protection you can also use the inner features of plone.protect : 对于“仅发布”保护,您还可以使用plone.protect的内部功能:
@protect(PostOnly)
...
While for the accept
header I fear you must inspect the request data manually. 虽然对于
accept
标头我担心你必须手动检查请求数据。
Typically most views follow the update/render pattern, and generally it makes sense to put that in the update method, a common location to do permission/access/data integrity checks like other various libraries. 通常,大多数视图都遵循更新/呈现模式,并且通常将其放入更新方法中是有意义的,这是与其他各种库一样执行权限/访问/数据完整性检查的公共位置。 A complete demonstration follows:
完整演示如下:
from AccessControl import Unauthorized
from zope.publisher.browser import BrowserPage
class PostOnlyPage(BrowserPage):
def update(self):
if not self.request.method == 'POST':
raise Unauthorized
def render(self):
return 'A POST only render'
def __call__(self):
self.update()
return self.render()
If you are doing this to make existing libraries (such as z3c.form
) to enforce access methods you can consider doing something like: 如果您这样做是为了使现有的库(例如
z3c.form
)强制执行访问方法,您可以考虑执行以下操作:
class StrictPostForm(z3c.form.form.PostForm):
def update(self):
if not self.request.method == 'POST':
raise Unauthorized
super(StrictPostForm, self).update()
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.