[Zope-CMF] A role to assign local roles.
Tres Seaver
tseaver@zope.com
Mon, 25 Mar 2002 09:02:27 -0500 (EST)
On Mon, 25 Mar 2002, Luca Olivetti wrote:
> I would like a role (say, 'Human Resources') to assign local roles to
> other users. Since the machinery is already in place (through
> folder_localrole_form) I thought I could use it. The problem is that
> in MembershipTool.py (methods getCandidateLocalRoles and
> setLocalRoles) the user is restricted to assign roles she already has
> unless she is 'Manager'. I don't want these users to be 'Manager' (to
> avoid them making collateral damage to the portal ;-) but I don't want
> them to have all roles they are to assign either. I could hack these
> two methods to accept this role as well as manager (not general
> enough), or to check for a specifical permission ('Manage users' comes
> to mind) but I don't feel this is a good solution, for at least it
> could be overwritten next time I upgrade CMFCore.
> Any hint?
Customized skin methods do not get overwritten on upgrades; in
combination with proxy roles a customized method has the flexibility you
desire:
- Customize the 'folder_localrole_edit' Python script (the POST
handler for the form).
- Give the customized method proxy role of 'Manager'.
- Add a check to the customized version which asserts that the
user has one of the roles you prefer, e.g.::
member = context.portal_membership.getAuthenticatedMember()
if not member.allowed( [ 'Manager', 'Human Resources' ] ):
raise Unauthorized
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.org