On Wed, Feb 25, 2009 at 16:43, Martin Aspeli <optilude+lists@gmail.com> wrote:
I think the fact that this workaround is necessary is a bug. The <permission /> directive is supposed to be used to declare new permissions, but it does not do that fully in Zope 2. An easy bug fix would be to put something like this into Five:
<subscriber for="zope.security.interfaces.IPermission zope.component.interfaces.IRegistered" handler=".permissions.create_permission" />
def create_permission(permission_utility, event): permission = permission_utilty.title roles = () registered = _registeredPermissions if not registered.has_key(permission): registered[permission] = 1 Products.__ac_permissions__=( Products.__ac_permissions__+((permission,(),roles),)) mangled = pname(permission) setattr(ApplicationDefaultPermissions, mangled, roles)
The body of this function is copied from CMF's setSecurityInfo.
It'd also be nice if you could set up some app-root roles using the <grant /> directive from zope.securitypolicy, though I don't really know how that would work yet.
What do you think? Could we put this in as a bugfix?
+1 This has annoyed me too, the subscriber seems like a neat solution. -- Lennart Regebro: Pythonista, Barista, Notsotrista. http://regebro.wordpress.com/ +33 661 58 14 64