the README.txt states, that "Registrant objects CANNOT use portal_factory; if you try to do things that way, anonymous users will not be able to register for events." and some stuff about bugs in the permissions.
That's all nonsense. You only have to overwrite the standard invokeFactory procedure. I "stole" this from one of (I think) jensens' products. If found it through a comment on plone.org somewhere, but can't find it right now. I use this code for my own Registrant object since a while and it works fine:
security.declarePrivate('anonymousInvokeFactory') def anonymousInvokeFactory(self, container, type_name, id, REQUEST=None, *args, **kw): """ Anonymous cannot add objects with InvokeFactory, so this is a special method to do it with. Must be called from other function to limit possibillities of abuse. """ user = self.getWrappedOwner() newSecurityManager(REQUEST, user) container.invokeFactory(type_name, id, REQUEST=REQUEST, *args, **kw)
security.declarePublic('addAnonymousParticipant') def addAnonymousParticipant(self, fieldnames=None, REQUEST=None): """ Lets anonymous users add participants """ message = '?portal_status_message=%s' if fieldnames is None: fieldnames = [] kw = {} for fieldname in fieldnames: if fieldname in REQUEST: if hasattr(REQUEST[fieldname],'decode'): kw[fieldname] = REQUEST[fieldname].decode('latin-1') else: kw[fieldname] = REQUEST[fieldname] # generate an id now = self.ZopeTime().strftime('%Y%m%dZ%H%M%S') id = 'participant.%s.%s' % (now, random.randint(1,1000000)) self.anonymousInvokeFactory(self, 'Participant', id, REQUEST=REQUEST, **kw) newParticipant = getattr(self, id) # set attributes for key, val in kw.items(): if key=='image': newParticipant.setImage(val,val.filename) else: setattr(newParticipant, key, val) # reindex in the catalog newParticipant.reindexObject() # Redirect back to form absolute_url = self.absolute_url() message = message % 'Sucessfully added participant' REQUEST.RESPONSE.redirect('%s/thankyou%s' % (absolute_url, message) )
That's only a way it works in this class and not all stuff in here is necessary of course, but it should make the way clear how to implement the factory into EventRegistration.
> the README.txt states, that "Registrant objects CANNOT use > portal_factory; if you try to do things that way, anonymous users will > not be able to register for events." > and some stuff about bugs in the permissions.
> That's all nonsense. You only have to overwrite the standard > invokeFactory procedure. > I "stole" this from one of (I think) jensens' products. If found it > through a comment on plone.org somewhere, but can't find it right now. > I use this code for my own Registrant object since a while and it works > fine:
> security.declarePrivate('anonymousInvokeFactory') > def anonymousInvokeFactory(self, container, type_name, id, > REQUEST=None, *args, **kw): > """ > Anonymous cannot add objects with InvokeFactory, so this is a > special > method to do it with. Must be called from other function to limit > possibillities of abuse. > """ > user = self.getWrappedOwner() > newSecurityManager(REQUEST, user) > container.invokeFactory(type_name, id, REQUEST=REQUEST, *args, > **kw)
> security.declarePublic('addAnonymousParticipant') > def addAnonymousParticipant(self, fieldnames=None, REQUEST=None): > """ > Lets anonymous users add participants > """ > message = '?portal_status_message=%s' > if fieldnames is None: > fieldnames = [] > kw = {} > for fieldname in fieldnames: > if fieldname in REQUEST: > if hasattr(REQUEST[fieldname],'decode'): > kw[fieldname] = REQUEST[fieldname].decode('latin-1') > else: > kw[fieldname] = REQUEST[fieldname] > # generate an id > now = self.ZopeTime().strftime('%Y%m%dZ%H%M%S') > id = 'participant.%s.%s' % (now, random.randint(1,1000000)) > self.anonymousInvokeFactory(self, 'Participant', id, > REQUEST=REQUEST, **kw) > newParticipant = getattr(self, id) > # set attributes > for key, val in kw.items(): > if key=='image': > newParticipant.setImage(val,val.filename) > else: > setattr(newParticipant, key, val) > # reindex in the catalog > newParticipant.reindexObject() > # Redirect back to form > absolute_url = self.absolute_url() > message = message % 'Sucessfully added participant' > REQUEST.RESPONSE.redirect('%s/thankyou%s' % (absolute_url, message) > )
> That's only a way it works in this class and not all stuff in here is > necessary of course, but it should make the way clear how to implement > the factory into EventRegistration.
Justin Ryan wrote: > Diechi - please write a patch, this product is mostly abandoned. A branch > would be nice, but trunk is fine.
I currently don't have the time for that :( Is it abandonded because of that? ;)
> Have you looked at SignupSheet?
Indeed. That's what I use now, but both Products would need some work to link them together. In fact it is a property of an event if it offers a sign up sheet or not and which one.
|
