On Thu, 14 Jun 2001, Bocquillon Philippe wrote:
Hello
In the following piece of Python code for Zope:
__ac_permissions__=( ('View management screens', ('manage_main',)), ('View', ('', 'index_html', 'update', 'show_source','view_image','picture',)), ('Change', ('manage_edit',), ('Manager',)), )
Could you tell me:
1) What does the first "empty" method ('') associated to the View permission mean?
The default view. Synonymous with index_html
2) Is the Manager method associated with the Change permission the class constructor for a Manager class which would represent the Manager role?
It's not a method or a class, it's just a string.
3) Why is Manager method needed in addition to the manage_edit one?
Look closely at the data structure. Manager is a role, not a reference to a method. The permision is in the first position, a tuple of methods is in the second, and *if* there is a third tuple, it's the default needed roles for the methods in the second position.
4) Why are there 2 tuples associated with the Change permission instead of having one tuple containing both the manage_edit and Manager methods?
Because Manager is not a method. It's a role.
More generally, where can I find a REFERENCE doc (instead of a collection of how-tos or other items more or less related to the topic which is interesting you) in which such information (I mean developping Python code for Zope products) is __clearly__ defined?
First off, let me tell you that __ac_permissions__ is deprecated. I do not suggest you use it. Instead, use the explicit security API defined in: http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/zope-devel/DevGuide/Security.... As soon as one final detail is taken care off, we'll be making an HTML release of the DevGuide, including this chapter. -Michel