One way to do this is to give 'user' the Manager local role in /test/user and then arrange for anyone other than a/the Manager not to see any edit link, and, if they type edit in the url line (/test/user/edit) get the edit template to display a polite 'Edit denied' message. So the only difference from what you have done is to give the user the Manager role and not worry about ownership. Cliff massimop@users.berlios.de wrote:
hi,
I probably shouldn't start coding without a good knowledge of my tools, but this is the way I usually learn...
I'm developing a small CMS-like (I know, there's CMF, Plone etc, but I'm playing...:))
the point is that I have site, say http://localhost:8080/test, with a subfolder for each registered user, an 2 page templates, view and edit
this methods are in /test and are meant to work via acquisition so with http://localhost:8080/test/user/view any user (even anonymous) should view user data and with http://localhost:8080/test/user/edit only 'user' should edit the same data
I can't figure out how to set permissions...
as a workaround I modified edit to check user roles via getRolesInContext and assigned to each user the Owner role in his folder, leaving Ownership to admin (hope this is legitimate)
I would prefer though a solution based only on Zope automatic roles/permissions management, without any test
I hope it's clear thanks for any hint massimo
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )