If someone summarizes the distinctions made in this email, I can put it in the ZDG. Chris Withers wrote:
Shane Hathaway wrote:
What happens if I want to protect manage_editForm with one permission and manage_main with another?
You can't. :-) That's why the ambiguity is a problem. If the method is called manage_editForm, the security machinery (under most circumstance) will look for "manage_editForm__roles__" no matter what attribute name you used to access it. Maybe someday this will change.
Also, kindof related, what happens if I want to protect a method with more than one permission?
You can't do that either, and for good reason. Would it be an OR or an AND operation? Or some combination? Better to just call getSecurityManager().checkPermission().
Thanks :-)
How do we make sure both of these are documented in big flashing letters in the development guide? I've been at the python product programming thang for some time (;-) now and I never knew that, in fact I had made completely incorrect assumptions...
cheers,
Chris
Shane
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
-- Chris McDonough Zope Corporation http://www.zope.org http://www.zope.com """ Killing hundreds of birds with thousands of stones """