[CMF-checkins] CVS: CMF/CMFCore - MembershipTool.py:

Tres Seaver tseaver at zope.com
Sat Sep 13 11:11:11 EDT 2003

On Sat, 2003-09-13 at 06:38, Yvo Schubbe wrote:
> Update of /cvs-repository/CMF/CMFCore
> In directory cvs.zope.org:/tmp/cvs-serv4994/CMFCore
> Modified Files:
>       Tag: yuppie-deleteMembers-branch
> 	MembershipTool.py 
> Log Message:
> fixed some Local Role issues:
> - replaced role check by permission check in setLocalRoles

You have changed the use case here:  the original code allows
non-managers (in your case, users without the 'ManageUsrs' permission)
to "share" their roles with others (e.g., I can create a document, and
then add you as an "Owner").  I don't know whether the skins surfaced
this feature, however, so this use case may not be important to anyone. 
Hmmm, probably not for "normal" content, but the folder_local_roles form
can do this.

Perhaps we could make it::

    security.declareProtected(View, 'setLocalRoles')
    def setLocalRoles( self, obj, member_ids, member_role, reindex=1 ):
        """ Set local roles on an item """
        member = self.getAuthenticatedMember()
        my_roles = member.getRolesInContext( obj )

        if (_checkPermission(ManageUsers, obj)
               or member_role in my_roles):
             for member_id in member_ids:
> - made sure deleteLocalRoles updates objects only if necessary
> - reverted reindex change (there has to be a reindexObjectSecurity method)

Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com

More information about the CMF-checkins mailing list