[Zope] confused on permissions and roles
John Hunter
jdhunter at ace.bsd.uchicago.edu
Wed Jun 30 15:55:51 EDT 2004
I have a class that inherits from RoleManager (via Folder). It
defined additional roles, including 'Administrator'. I would like the
Administrator to be able to view management screens and create objects
of certain types, but not be able to delete or rename objects of
certain types.
I tried using a ClassSecurityInfo instance as follows (I've removed
the copy/delete objects part for simplicity and am just focusing on
the view management screens part)
class Myfolder(Folder):
"""
The base folder for the product
"""
meta_type="Myfolder"
__ac_roles__=('Manager', 'Administrator', 'Researcher', 'Reviewer')
security = ClassSecurityInfo()
security.declareObjectProtected()
security.declareProtected('View management screens', 'manage')
# ..snip my methods ...
security.setPermissionDefault('View management screens',('Manager', 'Administrator'))
But a user with just an Administrator role could not view the
myfolder/manage screen
I also tried using __ac__permissions__
class Myfolder(Folder):
"""
The base folder for the product
"""
meta_type="Myfolder"
__ac_roles__=('Manager', 'Administrator', 'Researcher', 'Reviewer')
__ac_permissions__= (
('View management screens',
('manage','manage_main'),
('Manager', 'Administrator'),
),
)
with the same result.
In both cases if I visit the Security tab of that folder (as a
Manager) none of the default check boxes for the various roles and
permissions have been altered; ie, the one for "View Management
Screens" still has "Acquire Permissions Settings" checked.
My specific question is, what am I doing wrong? My more general
question is what is the interplay between using ClassSecurityInfo and
__ac__permissions__? Should both be set, or should the latter be used
to handle everything?
Thanks,
John Hunter
zope 2.7
More information about the Zope
mailing list