[Zope-dev] registerClass ignoring permissions defined in the class?

Jean Jordaan jean@upfrontsystems.co.za
Fri, 18 Jul 2003 16:35:41 +0200


Hi all 

For the second time in a couple of months, I found myself 
wrestling with security on FSPythonScripts (and eventually
thinking hell with it, and just moving the functionality 
to a class method). Anyway, I found this, which looks like
an inconsistency between docs and implementation:

In ProductContext.registerClass the docstring says:

        permissions -- Additional permissions to be registered
           If not provided, then permissions defined in the
           class will be registered.

However, registerClass only handles permissions that are 
passed in:

        if permissions:

It doesn't look at permissions defined in the class at all. Am
I missing something?

The reason I thought this matters is that this works fine in a
CMF .metadata file:

"""
[security]
View=1:Anonymous
"""

but this doesn't:

"""
[security]
Use LDAPService=1:Anonymous
"""

AccessControl.Role.manage_permission complains: 
"Invalid Permission: The permission <em>Use LDAPService</em> is invalid."
The permission does, however, show up on the ZMI security tab, 
and if I set it for Anonymous on a parent of the script, the script 
executes fine.

-- 
Jean Jordaan
http://www.upfrontsystems.co.za