Zclass and Permissions: Delete Instances?
hi@all, ok - there is an "Add ***" permission mapped to "Create class instances" per default. i also know how to create a new custom permission in the product´s folder, how to add it to the zclass "Class Permission" and how to map a zclass-propertysheet´s "Manage properties" permission to my custom permission. but is there also a possibility to map the "Delete Objects" permission regarding a certain zclass to a custom permission? /wolfie -- http://www.t0.or.at
wchr writes:
ok - there is an "Add ***" permission mapped to "Create class instances" per default. i also know how to create a new custom permission in the product´s folder, how to add it to the zclass "Class Permission" and how to map a zclass-propertysheet´s "Manage properties" permission to my custom permission.
but is there also a possibility to map the "Delete Objects" permission regarding a certain zclass to a custom permission? Yes, but it will not give you what you like:
The permission "Delete objects" is associated with the container containing the to be deleted objects and not these objects themselves. Thus, when your ZClass is an Object Manager, remapping "Delete objects" will have an effect (on the ZClass content deletion). It will not control deletion of the Z Instances themselves. Dieter
thx - quite obvious. so - am i wrong if i consider that for somehow inconsistent? the zope-security-model allows me to delegate add- and edit-permissions depending on meta_type, but concerning "Delete Objects" i´m only able to either disallow it or generally allow it for a certain context/role... /wolfie -- http://www.t0.or.at Dieter Maurer wrote:
wchr writes:
ok - there is an "Add ***" permission mapped to "Create class instances" per default. i also know how to create a new custom permission in the product´s folder, how to add it to the zclass "Class Permission" and how to map a zclass-propertysheet´s "Manage properties" permission to my custom permission.
but is there also a possibility to map the "Delete Objects" permission regarding a certain zclass to a custom permission? Yes, but it will not give you what you like:
The permission "Delete objects" is associated with the container containing the to be deleted objects and not these objects themselves.
Thus, when your ZClass is an Object Manager, remapping "Delete objects" will have an effect (on the ZClass content deletion). It will not control deletion of the Z Instances themselves.
wchr writes:
thx - quite obvious. so - am i wrong if i consider that for somehow inconsistent? the zope-security-model allows me to delegate add- and edit-permissions depending on meta_type, but concerning "Delete Objects" i´m only able to either disallow it or generally allow it for a certain context/role... That's what the standard Zope permission system gives you.
It's an artifact of the fact that you have type specific constructors but a generic (type independent) object deletion method. You can build your own (type specific) deletion method and protect it in any way you like. It would make the object deletion security checks you like and then call the containers "manage_deleteObject" to delete the object. It may need a "proxy role" to overpower the restrictions you will probably impose on "manage_deleteObject". Dieter
participants (2)
-
Dieter Maurer -
wchr