Re: [Zope-dev] several permissions for the same method
Dieter Maurer wrote:
> Jephte CLAIN writes:
> > I have the scenario where a user can edit *its* data but not other users' data, unless he has a special role. However, the method used to edit one's data is the same.
> Can you not use the "Owner" role for this?

I suppose not, because data is taken from a SQL database, so everyone could potentially trash others' data.
Oleg advised to make edit_data unpublishable and to write wrappers around it. However, I have thought of another way to do it. Whether it is better or not, I like it because I do not have to rewrite edit_data that much.

    __ac_permissions__ = (
        ('Use edit_data', ('edit_data', )),
        ('Edit one\'s data', ('check_perm_1', )),
        ('Edit others\' data', ('check_perm_2', )),
    )

check_perm_1 and check_perm_2 are do-nothing methods that are protected by the permissions. In edit_data, I call them as appropriate to check for the user's permissions.

Any comments?

regards,
jephte.clain@univ-reunion.fr
Jephte CLAIN wrote:
> <snip different security for same method>

You could just check for the permissions specifically, here's a quote from Folder.py in Zope 2.2:

    checkPermission=getSecurityManager().checkPermission

    if createUserF:
        if not checkPermission('Add User Folders', ob):
            raise 'Unauthorized', (
                  'You are not authorized to add User Folders.'
                  )
        ob.manage_addUserFolder()

    if createPublic:
        if not checkPermission('Add Documents, Images, and Files', ob):
            raise 'Unauthorized', (
                  'You are not authorized to add DTML Documents.'
                  )
        ob.manage_addDTMLDocument(id='index_html', title='')

    if REQUEST is not None:
        return self.manage_main(self, REQUEST, update_menu=1)

Any help?

cheers,

Chris
Chris Withers wrote:
> You could just check for the permissions specifically, here's a quote from Folder.py in Zope 2.2:

Yes, though it seems odd to create permissions not protecting any method that are just meant to be checked. Calling a method that the current user is not allowed to access raises Unauthorized for you. I can just check the permission 'manually' if I want to display a specific message.
Thanks for your comments,
jephte.clain@univ-reunion.fr
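
The explicit check discussed in this thread, applied to the own-data / others'-data case, as an added example that is not code from the thread or from Zope. `StubSecurityManager`, its `user_id` attribute, the role mapping and the sample rows are assumptions made so the example runs without Zope; only the `checkPermission(permission, object)` call shape comes from the quoted Folder.py.

```python
# Added illustration, not Zope code. StubSecurityManager stands in for the
# object returned by getSecurityManager(); only the
# checkPermission(permission, object) call used in the thread is modelled.
class Unauthorized(Exception):
    pass

EDIT_OWN = "Edit one's data"
EDIT_OTHERS = "Edit others' data"

# Constructed role-to-permission mapping (assumption for this example).
ROLE_PERMISSIONS = {
    "Member": {EDIT_OWN},
    "Manager": {EDIT_OWN, EDIT_OTHERS},
}

class StubSecurityManager:
    def __init__(self, user_id, roles):
        self.user_id = user_id  # hypothetical attribute: authenticated user id
        self.roles = roles

    def checkPermission(self, permission, obj):
        return any(permission in ROLE_PERMISSIONS.get(r, ()) for r in self.roles)

def make_sample_db():
    # Constructed rows standing in for the SQL table; "owner" is stored
    # server-side and is never taken from the request.
    return {
        1: {"owner": "alice", "value": "alice's original"},
        2: {"owner": "bob", "value": "bob's original"},
    }

def edit_data(sm, db, row_id, new_value):
    """Single edit method; the permission checked depends on row ownership."""
    row = db.get(row_id)
    if row is None:
        raise KeyError(row_id)
    # Compare the stored owner with the authenticated user, then pick the
    # permission that must hold for this particular row.
    permission = EDIT_OWN if row["owner"] == sm.user_id else EDIT_OTHERS
    if not sm.checkPermission(permission, row):
        # Refuse before any write happens.
        raise Unauthorized("You are not authorized to edit this record.")
    row["value"] = new_value
    return permission
```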