[Zope-CMF] Re: GenericSetup "rolemap" importer does not register new permissions

Tres Seaver tseaver at palladion.com
Thu Jan 3 10:29:54 EST 2008



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Damien Baty (ML) wrote:
> 	Hello,
> 
> Le 27/12/07 9:49, Wichert Akkerman a écrit :
>> Previously Damien Baty (ML) wrote:
>>> [...]
>>>
>>> For the record, I have proposed a patch that let us automatically 
>>> register a permission if the profile explicitly asks for it, with 
>>> something like:
>>>
>>>     ...
>>>     <permission name="My new permission"
>>>                   register="True">
>>>       <role name="Manager"/>
>>>       ...
>>>
>>>   https://bugs.launchpad.net/zope-cmf/+bug/178810
>> -1
>>
>> I think it's the wrong place to register permissions. Permissions are
>> something both code and application configuration (ie zcml) relies
>> on. That suggests that registering permissions in a GS profile is too
>> late in the game.
>>
>> To me it makes a lot more sense to register permissions and their 
>> default roles in zcml.
> 
>    Good point. But... how do you do that, then? :) There is a 'grant' 
> directive in Zope 3 defined in 'zope.app.securitypolicy', but this 
> package is not part of Zope 2.10 (nor Zope 2.11). Is there something 
> else I can use in Zope 2 to define permission/roles mappings?

The application is responsible for defining permissions and using them
to protect objects / methods.  Five enables using the stock
zope.security stuff to define permissions in ZCML, and to associate them
with interfaces / attributes.  See:

 - $ZOPE_HOME/lib/python/Products/Five/permissions.zcml

 - $ZOPE_HOME/lib/python/zope/security/meta.zcml

 - $ZOPE_HOME/lib/python/zope/app/security/meta.zcml

GenericSetup is responsible for capturing the "placeful" mapping of
permissions to roles (as set on the ZMI "security" tab).


Tres.
- --
===================================================================
Tres Seaver          +1 540-429-0999          tseaver at palladion.com
Palladion Software   "Excellence by Design"    http://palladion.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFHfP9x+gerLs4ltQ4RAskWAJ4gypOESDt+QnTogbgB12ANFJoFcQCeLp2G
t6tJ5J9VlrAPgbs/uaf+PTs=
=AMkn
-----END PGP SIGNATURE-----



More information about the Zope-CMF mailing list