[Zope-CMF] permissions for new CMF type

Ausum Studio ausum_studio@hotmail.com
Fri, 15 Nov 2002 19:57:56 -0500


Use the product VerboseSecurity, it's an aid to debug security issues.

http://hathaway.freezope.org/Software/VerboseSecurity


Ausum


----- Original Message -----
From: "Fearless Froggie" <fearless_froggie@yahoo.com>
To: <zope-cmf@zope.org>
Sent: Friday, November 15, 2002 7:22 PM
Subject: [Zope-CMF] permissions for new CMF type


> Hi,
>
> I created a new CMF type (CMFNewsICABC) for my portal,
> with a new permission "addCMFNewsICABC". Now I created
> a role so that only users with the "ICABC" role could
> add CMFNewsICABC items. I gave the ICABC role all the
> permissions of the "Member" role, plus the ability to
> add "CMFNewsICABC" items.
>
> I then created the following script so that only users
> with the addCMFNewsICABC get the link to add
> CMFNewsICABC items. ("vancouver_island" is the name of
> the portal)
>
> <dtml-let
>
icabcMgr="portal_membership.checkPermission('addCMFNewsICABC',vancouver_isla
nd)">
>    <dtml-if icabcMgr>
>       <br>* <a
> href="&dtml-portal_url;/add_CMFNewsICABC">Add ICABC
> News Item</a>
>    </dtml-if>
> </dtml-let>
>
> I then created my new user with the "ICABC" role. When
> I signed in with this userid, zope was not recognizing
> that I had permission to add CMFNewsICABC items, ie I
> didn't get the link to add them.
>
> When I signed in with my Manager userid (defined in
> the root), I had the ability to add CMFNewsICABC
> items, ie the script above displayed the link. I went
> into the security tab, turned off "acquire permission
> settings" for the addCMFNewsICABC permission and made
> sure the box wasn't ticked -- and I could still add
> CMFNewsICABC items.
>
> Basically, no matter what I do, I can't take away the
> ability to add a CMFNewsICABC item from the Manager
> user, and I can't give the ability to add a
> CMFNewsICABC item to the ICABC user.
>
> I exited and reran my browser for these tests.
>
> Can anybody possibly follow the gobbledy-gook above
> and point me in the right direction? It seems pretty
> straightforward to me, but I guess I'm missing
> something.
>
> Many Thanks!
>
> Rita.
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Web Hosting - Let the expert host your site
> http://webhosting.yahoo.com
>
> _______________________________________________
> Zope-CMF maillist  -  Zope-CMF@zope.org
> http://lists.zope.org/mailman/listinfo/zope-cmf
>
> See http://collector.zope.org/CMF for bug reports and feature requests
>