[Zope-CMF] Re: [dev] delete members: related changes and updated
proposal
Yuppie
schubbe at web.de
Tue Sep 23 12:48:28 EDT 2003
Hi!
Florent Guillaume wrote:
> In article <3F5B6378.5000408 at web.de> you write:
>
>>3.) deleteLocalRoles
>>
>>For implementing deleteMembers, two issues have to be resolved:
>>a) deleteLocalRoles is protected by roles, not by permissions. I propose
>>to protected it by ManageUsers of the object.
>>b) deleteLocalRoles should have a 'recursive' argument.
>
>
> This permission business is for me the most important thing. A hardcoded
> permission in the method means we can't modify the policy easily. In
> CPS, I planned to monkey patch it to check a permission (ManageUsers
> seems fine), which means I can give local roles management permission to
> whatever role I want.
Meanwhile I changed my mind a bit:
<http://mail.zope.org/pipermail/zope-cmf/2003-September/019377.html>
Now the only place ManageUsers is used for Local Role management is
getCandidateLocalRoles(). It controls if the user is allowed to assign
any Role or just Roles he has himself.
This is the current code on yuppie-deleteMembers-branch:
<http://cvs.zope.org/CMF/CMFCore/MembershipTool.py?rev=1.38.2.4&content-type=text/vnd.viewcvs-markup>
Hope that covers your needs. I'll merge the branch as soon as the
discussion regarding Exceptions is finished.
<http://mail.zope.org/pipermail/zope-cmf/2003-September/019423.html>
Cheers,
Yuppie
More information about the Zope-CMF
mailing list