[Zope-CMF] Action: permission/permissions inconsistency?
Jean Jordaan
jean@upfrontsystems.co.za
Thu, 05 Dec 2002 09:21:32 +0200
Hi all
It looks like there's an inconsistency in the CMF's treatment of
the permissions of an actions.
In the interface for listFilteredActionsFor,
CMFCore/interfaces/portal_actions.py, I read::
permissions: A list. The user must have at least of the listed
permissions to access the action.
That should be "at least ONE of". At least, this is how it's
implemented in CMFCore.ActionsTool.listFilteredActionsFor,
lines 246-251 (although I wish there was a way of specifying
that a user must have *at least ALL* the listed permissions);
HOWEVER,
CMFCore.TypesTool.manage_editActionsForm unceremoniously chops
permissions to the first permission in the list::
p = a['permissions']
if p:
a['permission'] = p[0]
This is rendered by ./CMFCore/dtml/editActions.dtml in a dropdown.
This means that if an actions page in the ZMI is edited, and there
is an action with more than one permission among the actions on
the page, its permissions property will be truncated to
permissions[0].
One approach to making this consistent would be to change
'editActions' to use 'permissions' (not constructing 'permission'),
and using multiple selections instead of dropdowns in 'editActions'.
I'm just wondering if my understanding of this is correct. Any
feedback?
--
Jean Jordaan
http://www.upfrontsystems.co.za