However, for "Owner" it would be unintuitive that the owner of a folder has "Owner" permissions on all contained objects...
Yes, unintuitive and it makes it hard to only allow creators to delete their own objects. I thought this community policy was common...
Is there any website explaining this thoroughly?
Did you read the local roles chapter of the Zope Book?
I can't find any chapter named 'local roles'. I read "Users and Security" though. I grasp local roles now and with a little help by Chris on IRC I understand 'Delete objects' permission on folders.

My conclusion is that there's no way to have a "members can create objects on the entire site, but only delete their own ones"-policy without scripting. I figure there are two ways:

* Create a script that adds 'Delete objects' permission to the object's container in manage_beforeDelete or similar. You also have to add a script that removes 'Delete objects' after the deletion has been made.
* The same solution, but using workflow instead. Maybe workflows use manage_beforeDelete for the work behind the scenes?

Maybe there are better ways? These are not easy solutions for a newbie like me :)

Tim
Tim Terlegård wrote:
* Create a script that adds 'Delete objects' permission to the object's container in manage_beforeDelete or similar. You also have to add a script that removes 'Delete objects' after the deletion has been made.

Huh? Where did this come from? What I suggested was write a script that had a proxy role of manager. This script can then be used by the user to delete objects. The script should check that the objects being deleted are owned by the user executing the script. Not too hard to do...

Chris
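The ownership check that a proxy-role delete script has to perform, sketched as an added example that is not part of the original thread or of Zope itself. `FakeObject`, `FakeFolder`, `delete_own_objects` and `sample_folder` are hypothetical names; only the method names `get_local_roles_for_userid` and `manage_delObjects` are modelled on Zope's.

```python
# Stand-alone model: FakeObject and FakeFolder are constructed stand-ins, not
# Zope classes. Their method names mirror Zope's get_local_roles_for_userid
# and manage_delObjects so the check reads like the real script would.

class Unauthorized(Exception):
    pass

class FakeObject:
    def __init__(self, local_roles):
        self._local_roles = local_roles  # {userid: roles} set on this object only

    def get_local_roles_for_userid(self, userid):
        return tuple(self._local_roles.get(userid, ()))

class FakeFolder:
    def __init__(self, objects):
        self.objects = dict(objects)

    def manage_delObjects(self, ids):
        for obj_id in ids:
            del self.objects[obj_id]

def delete_own_objects(container, ids, userid):
    """Delete ids from container only if userid holds Owner on every one.

    In the real script userid must come from the security manager, never from
    a request parameter, because the script itself runs with Manager rights.
    """
    ids = list(dict.fromkeys(ids))  # drop duplicate ids, keep order
    for obj_id in ids:
        obj = container.objects.get(obj_id)
        if obj is None:
            raise KeyError(obj_id)
        # Look only at roles assigned on the object itself: the folder's
        # owner would otherwise count as Owner of everything inside it.
        if "Owner" not in obj.get_local_roles_for_userid(userid):
            raise Unauthorized("%s does not own %s" % (userid, obj_id))
    # Every id passed the check, so nothing is deleted on a partial match.
    container.manage_delObjects(ids)
    return ids

def sample_folder():
    # Constructed sample data: two members, each owning their own documents.
    return FakeFolder({
        "tim_doc": FakeObject({"tim": ["Owner"]}),
        "tim_notes": FakeObject({"tim": ["Owner"]}),
        "chris_doc": FakeObject({"chris": ["Owner"]}),
    })
```

Because the script runs with elevated rights, this check is the only thing standing between a member and other members' objects, so it rejects the whole request if any single id fails.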
Participants (2): Chris Withers, Tim Terlegård