How to register a Plone view for a specific type of HTTP method

Question

How to register a Plone view for a specific type of HTTP method

I would like to be able to register Views in Plone only for a specific type of HTTP method, eg. for POST only, or just for a specific header Accept:

sent by the client.

I know that it is actually not possible to customize the View in this way using normal ZCML configuration directives.

Are there other mechanisms that can be used for this purpose besides the proxy view, which delegates the request to other views via HTTP, etc.?

+3

python plone

Petri June 30. '15 at 6:23

source to share

2 answers

Luca Fabbri · Answer 1 · 2015-06-30T07:03:36+0000

For post-only protection, you can also use the internal functions of plone.protect :

@protect(PostOnly)
...

While for the header, accept

I fear that you have to manually validate the request data.

metatoaster · Answer 2 · 2015-06-30T06:39:48+0000

Usually, most views follow an update / render pattern, and it generally makes sense to include that in an update method, a common place to check permissions / data access, like other various libraries. Below is a complete demo:

from AccessControl import Unauthorized
from zope.publisher.browser import BrowserPage

class PostOnlyPage(BrowserPage):

    def update(self):
        if not self.request.method == 'POST':
            raise Unauthorized

    def render(self):
        return 'A POST only render'

    def __call__(self):
        self.update()
        return self.render()

If you do this so that existing libraries (for example z3c.form

) use accessor methods, you can do something like:

class StrictPostForm(z3c.form.form.PostForm):
    def update(self):
        if not self.request.method == 'POST':
            raise Unauthorized
        super(StrictPostForm, self).update()

How to register a Plone view for a specific type of HTTP method

More articles: