At 05:35 AM 2/24/00 -0500, Martijn Pieters wrote:
From: James W. Howe [mailto:jwh@allencreek.com]
[Synopsis: Created a subclass of Folder Defined my own manage_main Created instance of my folder subclass Defined a new role for the folder and permitted the role to view management screens, contents, but nothing else. Tested for superuser and things worked. Tested for my custom role and only saw the index_html]
I still don't know for sure, as I don't have the time to investigate, but I think there are some problems with the security interface, making security too tight. It just doesn't work as expected.
Try this: Create your Role and user in the top-level acl_users folder. Then give that Role permission to view management screens either on the top-level folder or on your own product.
I tried what you suggested above, but the results were the same. I then decided to comment out the code in my subclass where I define my manage_main (i.e. manage_main = HTMLFile(...)). I reran my tests and this time both my superuser and my custom role were able to see the management interface and the contents screen (aka manage_main). For some reason, when my subclass uses its own manage_main, the permissions don't seem to work properly. Further evidence of this comes from some debugging I did in Management.py. I stepped through the filtered options code. When the "contents" object was asked for it's roles, it answered "Manager". Naturally, when the user wasn't the manager, this option got filtered out because the user didn't have access to it. In my security screen, I have View management screens, and Access contents information checked for both my manager and my custom role. I then modified my code to eliminate my definition of manage_main and instead use the one defined by ObjectManager. I then stepped through the debugger once again. This time, when the roles of the manage_main object were given, it came back as a collection of 'Manager', 'Publisher' (my new role), 'Manager'. I'm still investigating why this might be happening. James W. Howe mailto:jwh@allencreek.com Allen Creek Software, Inc. pgpkey: http://ic.net/~jwh/pgpkey.html Ann Arbor, MI 48103