[Zope] [Security] When are permissions accessible to scripts in skins?

Jean Jordaan jean@upfrontsystems.co.za
Tue, 20 May 2003 13:52:56 +0200


Hi all

In my product's __init__.py, I register the permission
'Manage OrganisationPosition':

     context.registerClass(
         OrganisationPosition.OrganisationPosition,
         permission = 'Manage OrganisationPosition',
         constructors = (
             OrganisationPosition.manage_addOrganisationPositionForm,
             OrganisationPosition.manage_addOrganisationPosition),
     )

The product contains skins, which include scripts I want to protect
with permissions I define. I use a file 'script.py.security'
containing:

Manage OrganisationPosition:acquire:Manager,Administrator

This results in the following error:

2003-05-20T13:42:13 ERROR(200) DirectoryView Error setting permission 
from .security file information
Traceback (innermost last):
   File [...]/Products/CMFCore/DirectoryView.py, line 293, in 
prepareContents
   File /usr/local/zope/Zope-2.6.1-src/lib/python/AccessControl/Role.py, 
line 174, in manage_permission
     (Object: position_add)
Invalid Permission: The permission <em>Manage OrganisationPosition</em> 
is invalid.

Is this intended behaviour? What permissions are valid for inclusion
in .security files? If I use the "View" permission, I get no error.

Regards,
-- 
Jean Jordaan
http://www.upfrontsystems.co.za