fine grained, dynamic permissions based on attribute values
Good day,

I am wondering if/how I could control the permissions on an object based on the value of an attribute. I am using CMF, and thus portal_catalog, and have built a custom content type. My type has a category field. I would like to control the view permission of the object dynamically based on the value of category.

So, as an example, I have multiple users, and multiple values for the category field. I would like User A to access the object if the category ='financial', and User B access the object if the category='other'.

Thanks for any ideas.

Chris
On Tue, 2005-10-18 at 11:05, Chris Crownhart wrote:
Good day,
I am wondering if/how I could control the permissions on an object based on the value of an attribute. I am using CMF, and thus portal_catalog, and have built a custom content type. My type has a category field. I would like to control the view permission of the object dynamically based on the value of category.
So, as an example, I have multiple users, and multiple values for the category field. I would like User A to access the object if the category ='financial', and User B access the object if the category='other'.
Thanks for any ideas.
I assume user A and B have different roles? Instead of dynamically controlling the permission, could you set the permission on the object explicitly when the object is edited? e.g.

    def manage_edit(self, ...):
        ...
        if REQUEST.get('category') == 'other':
            self.set_permission_so_user_B_can_access()
        elif REQUEST.get('category') == 'financial':
            self.set_permission_so_user_A_can_access()
On 10/18/05, Chris Crownhart <chris@shiftzz.com> wrote:
Good day,
I am wondering if/how I could control the permissions on an object based on the value of an attribute.
So, as an example, I have multiple users, and multiple values for the category field. I would like User A to access the object if the category ='financial', and User B access the object if the category='other'.
If, as Mark asked, different users with different access privileges have different roles, then how about writing a condition (TALES expression) for the View action of your content type? Something along the lines of

    python: member and ((member.has_role('Accountant') and context.category=='financial') or (member.has_role('Editor') and context.category=='other'))

Don't quote me on the exact expression, though, you should test that.

Rob
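Added example, not part of any post in this thread: a sketch of the edit-time approach Mark describes, which changes what the security machinery enforces, whereas an action condition only decides whether the View action is listed for the member. The role names, the category table, `CategorizedDocument`, `roles_allowed` and `can_view` are assumptions, and `RoleManagerStandIn` is an offline stand-in that only mimics the call shape of Zope's `manage_permission(permission_to_manage, roles, acquire)`.

```python
# Assumption: role names and this category -> roles table are illustrative.
CATEGORY_VIEW_ROLES = {
    "financial": ("Accountant", "Manager"),
    "other": ("Editor", "Manager"),
}
# Unknown or missing categories fall back to the most restrictive grant.
FAIL_CLOSED_ROLES = ("Manager",)


class RoleManagerStandIn:
    """Offline stand-in for Zope's RoleManager (not the real class)."""

    def __init__(self):
        self._permissions = {}

    def manage_permission(self, permission_to_manage, roles=(), acquire=0):
        # Records the explicit role list and the acquire flag per permission.
        self._permissions[permission_to_manage] = (tuple(roles), bool(acquire))

    def roles_allowed(self, permission):
        # Hypothetical helper: roles explicitly granted the permission.
        return self._permissions.get(permission, ((), False))[0]


class CategorizedDocument(RoleManagerStandIn):
    """Hypothetical content type with a 'category' field."""

    def __init__(self, category):
        super().__init__()
        self.edit(category)

    def edit(self, category):
        self.category = category
        roles = CATEGORY_VIEW_ROLES.get(category, FAIL_CLOSED_ROLES)
        # acquire=0: do not inherit View grants from the containing folder,
        # otherwise a role granted View higher up would still get in.
        self.manage_permission("View", roles=roles, acquire=0)


def can_view(doc, user_roles):
    # Hypothetical check: does any of the user's roles hold View on doc?
    return bool(set(user_roles) & set(doc.roles_allowed("View")))
```

In a real CMF type the permission change would normally be followed by `reindexObjectSecurity()`, so that portal_catalog search results match the new View roles.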
participants (3): Chris Crownhart, Mark Gibson, Robert Boyd