Jamie Heilman wrote:
I can't fathom the ZClass code. Can somebody tell me if manage_addZClass, manage_addZClassForm, and manage_subclassableClassNames are supposed to be protected by the 'Add Zope Class' permission, or if the code in ZClasses/__init__.py is pure fluf? That permission never shows up in any folder's security settings that I can see. VerboseSecurity has this to say about manage_addZClassForm:
Unauthorized: Your user account does not have the required permission. Access to 'manage_addZClassForm' of (Product instance at 89189e0) denied. Your user account, meh, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Authenticated'].
So it doesn't look like there is a named permission associated with those methods. I have to wonder if thats intentional.
It is. Older Zope code uses the manage_ prefix to require the Manager role by default. Needless to say, that strategy did not cope well with later enhancements to Zope. Shane