What would be the correct set of permissions and security assertions I need in order to make it so that in addition to manager only the owner of that object can edit it. It seems if I just gives the permissions I want to the owner role that doesn't work. If I assign someone to the role of owner they can do stuff in all of the documents which is not what I want. I had thought that owner was a role you got automatically on an object if you where its owner. This is on zope 2.5.1 with python 2.1.3 on debian sid. I am using the explicit security assertions on functions using the new security model in the zope developer guide. Is there anything special I would need to use with the more explicit security model to get that to work? Designing and building web applications http://webme-eng.com
<kosh@aesaeion.com> wrote:
What would be the correct set of permissions and security assertions I need in order to make it so that in addition to manager only the owner of that object can edit it. It seems if I just gives the permissions I want to the owner role that doesn't work.
It should work. Owner is a local role given by ObjectManager to the user at object creation time. Check that in the Security/Local Roles tab. How do you create you objects ?
If I assign someone to the role of owner they can do stuff in all of the documents which is not what I want.
Indeed. Nobody should have a global Owner role.
I had thought that owner was a role you got automatically on an object if you where its owner.
You get it when you create the object, so in effect what you say is true event if the mechanism is different. For instance if someone "takes ownership" of an object it doesn't change the Owner local role. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com
On Wed, 15 May 2002, Florent Guillaume wrote:
<kosh@aesaeion.com> wrote:
What would be the correct set of permissions and security assertions I need in order to make it so that in addition to manager only the owner of that object can edit it. It seems if I just gives the permissions I want to the owner role that doesn't work.
It should work. Owner is a local role given by ObjectManager to the user at object creation time. Check that in the Security/Local Roles tab.
Their username is listed as the owner of the object however it seems they can't do what an owner should be able to do when they login. If I give them the global role of owner thent they should. So for some reason they are not getting assigned the local role of owner.
How do you create you objects ?
With a python script. I have it create one of the object with a default profile as a manager and then change the objects ownership which all seems to work just fine.
If I assign someone to the role of owner they can do stuff in all of the documents which is not what I want.
Indeed. Nobody should have a global Owner role.
I had thought that owner was a role you got automatically on an object if you where its owner.
You get it when you create the object, so in effect what you say is true event if the mechanism is different. For instance if someone "takes ownership" of an object it doesn't change the Owner local role.
However shouldn't you have the owner role everytime you access the object also if you are authenticated?
<kosh@aesaeion.com> wrote:
Their username is listed as the owner of the object however it seems they can't do what an owner should be able to do when they login. If I give them the global role of owner thent they should. So for some reason they are not getting assigned the local role of owner.
As the owner in the Ownership tab or as a local role Owner in the local roles tab ? Please be precise, as these two "owner" notions are quite different.
How do you create you objects ?
With a python script. I have it create one of the object with a default profile as a manager and then change the objects ownership which all seems to work just fine.
What do you mean by "change the object's ownership" ? Do you do that with local roles or do you ob.changeOwnership() ? changeOwnership won't change the local roles so won't do what you want.
You get it when you create the object, so in effect what you say is true event if the mechanism is different. For instance if someone "takes ownership" of an object it doesn't change the Owner local role.
However shouldn't you have the owner role everytime you access the object also if you are authenticated?
Yes, if the object has an Owner local role you should. Florent -- Florent Guillaume, Nuxeo (Paris, France) +33 1 40 33 79 87 http://nuxeo.com mailto:fg@nuxeo.com
On Fri, 17 May 2002, Florent Guillaume wrote:
<kosh@aesaeion.com> wrote:
Their username is listed as the owner of the object however it seems they can't do what an owner should be able to do when they login. If I give them the global role of owner thent they should. So for some reason they are not getting assigned the local role of owner.
As the owner in the Ownership tab or as a local role Owner in the local roles tab ? Please be precise, as these two "owner" notions are quite different.
Yeah I just got that fixed. It all works now.
participants (2)
-
Florent Guillaume -
kosh@aesaeion.com