Hello, is it possible for a single method, under Zope 2.1.6, to have several permissions? ie __ac_permission__ = ( ('edit my data', 'edit_data'), ('edit others\'s data', 'edit_data'), ) I have the scenario where a user can edit *its* data but not other users's data, unless he has a special role. however, the method used to edit one's data is the same. So I make sure inside the edit_data method that the user has the adequate permissions if he tries to edit another one's data. this does not work. indeed, lib/python/AccessControl/Permission.py reads: # Attribute names which appear in a # permission may not appear in any other permission defined # by the object. thanks in advance for any advices. regards, jephte.clain@univ-reunion.fr
On Wed, 19 Jul 2000, Jephte CLAIN wrote:
I have the scenario where a user can edit *its* data but not other users's data, unless he has a special role. however, the method used to edit one's data is the same. So I make sure inside the edit_data method that the user has the adequate permissions if he tries to edit another one's data.
Make edit_data unpublishable (remove docstring, rename it to _edit_data) and write two wrappers for it - one for own data, one for other's data. Protect these wrappers with different sets of permissions. Oleg. (All opinions are mine and not of my employer) ---- Oleg Broytmann Foundation for Effective Policies phd@phd.russ.ru Programmers don't die, they just GOSUB without RETURN.
participants (2)
-
Jephte CLAIN -
Oleg Broytmann