Quoting Toby Dickenson <tdickenson@geminidataloggers.com>:
On Wednesday 18 Sep 2002 4:00 am, John K. Hohm wrote:
I am using Zope 2.5.1, and writing a product with a folderish class. I want to be able to prevent acquiring a permission from one role, while still acquiring it from another role (if the user gets that role locally).
I suppose it could work by preventing the user from acquiring a role; is there already some sensible way of doing that?
It sound like you are trying to abuse a standard permission. Is the problem something like: your folderish product uses properties to control its behaviour, but you dont want to let some users control properties of all sub-objects?
No, that's not it at all. I want all authenticated users to have permissions to list the contents of the /auto folder, but I want a user to have permissions to the /auto/foo, /auto/bar, etc. folders and their contained items only if they have a role local to one of those folders. As it happens I am assigning the local roles with a BasicUser modification by virtue of a user having a role whose name is related to the name of the folder, say foo_dogs or bar_dogs.
Perhaps a better way would be to define a new permission, call it "Change MyFolderishThing Properies", and leave the permission acquisition system to work as normal.
I want the standard permissions to work normally within one folder, but I want to avoid standard permissions being used to do standard things with standard objects contained by folders beneath that folder, unless those folders have local roles that re-grant the standard permissions.