On Fri, 2003-04-04 at 09:04, Michael Havard wrote:
Is there another way to allow a user to add a folder without needing to give them manage properties permissions.
Here's a general-purpose technique: 1. Create a role called AddFolder 2. Give AddFolder the necessary permissions to create a folder 3. Create an add_folder method and give it an AddFolder proxy role. 4. Permit authors to use (but not change) the add_folder method This way, authors will have the ability to use the permissions associated with AddFolder... but only in the specific way(s) you have defined. It's a good idea to make your roles pretty fine-grained... but it's probably not worth going overboard with. It's more important, in this scheme, that your methods be tailored to a specific purpose and the permissions controlling them be fine-grained.
It would be nice to have a document listing the permissions and EXACTLY what they do and how they interrelate if only just for the base ZOPE and CMF products.
The best such document is the product source code. Permissions, ultimately, are just labels applied to collections of product methods. When you allow a permission, you allow specific users to call its methods. If you want to know exactly what those methods *do*, you'll have to look at how they are defined. HTH, Dylan