John Hunter wrote:
"Roché" == Roché Compaan <roche@upfrontsystems.co.za> writes:
Roché> You got the first part right and that is making security Roché> declarations on your class, but you still have to specify Roché> security on the folder instance by going to the security Roché> tab and giving 'Administrator' the required permissions or Roché> writing code that does this automatically when you create Roché> the folder.
Essentially my question is - can I do this step in code and if so how? I have a lot of objects and roles and its not practical to manually set the default permissions for each role in the web interface each time a new instance of my product is created. Essentially I want to define these defaults in my product code.
Yes, all classes subclassing RoleManager has a manage_permission method that can be used to change permissions. You could for instance put the following in manage_afterAdd of your class to give only Manager and Administrator the 'View' permission and prevent this permission from being acquired: roles = ['Manager', 'Administrator'] self.manage_permission('View', roles, acquire=0) Notice that permissions are set on the instance and if you change your security policy in future you will have to write an update script that fixes permissions on objects affected by the policy change. -- Roché Compaan Upfront Systems http://www.upfrontsystems.co.za