[Zope-CMF] Security Question
Dieter Maurer
dieter@handshake.de
Sun, 24 Feb 2002 17:57:41 +0100
Chris Withers writes:
> Dieter Maurer wrote:
> >
> > * A CMF Site that really cares can easily provide a finer grained
> > protection.
>
> How?
You already got the answer to this same question (not from me, but
someone else).
Here is it again, slightly generalized (because it's you who asks :-))
The permission that controls the creation of a portal content
type is specified in the product's "initialize" call
with the function "ContentInit".
The default (in "CMFDefault.__init__") looks like:
utils.ContentInit( 'CMFDefault Content'
, content_types=contentClasses
, permission=ADD_CONTENT_PERMISSION
, extra_constructors=contentConstructors
, fti=Portal.factory_type_information
).initialize( context )
You can assign separate permissions, by e.g.
utils.ContentInit( 'Portal File',
content_types= (File.File,),
permission= 'Add portal files',
extra_constructors= (File.addFile,),
fti= Portal.factory_type_information,
).initialize(context)
utils.ContentInit( 'Portal Document',
content_types= (Document.Document,),
permission= 'Add portal documents',
extra_constructors= (Document.addDocument,),
fti= Portal.factory_type_information,
).initialize(context)
....
Probably, you would prefer that the protecting permission becomes
an attribute of the factory type information (I think that would be
great), but you can already now achieve separated permissions
with a bit of (Python based) customization.
Dieter