[Zope-CMF] Re: GenericSetup "rolemap" importer does not register new permissions

Wichert Akkerman wichert at wiggy.net
Thu Jan 3 10:37:33 EST 2008


Previously Tres Seaver wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Damien Baty (ML) wrote:
> > 	Hello,
> > 
> > Le 27/12/07 9:49, Wichert Akkerman a écrit :
> >> Previously Damien Baty (ML) wrote:
> >>> [...]
> >>>
> >>> For the record, I have proposed a patch that let us automatically 
> >>> register a permission if the profile explicitly asks for it, with 
> >>> something like:
> >>>
> >>>     ...
> >>>     <permission name="My new permission"
> >>>                   register="True">
> >>>       <role name="Manager"/>
> >>>       ...
> >>>
> >>>   https://bugs.launchpad.net/zope-cmf/+bug/178810
> >> -1
> >>
> >> I think it's the wrong place to register permissions. Permissions are
> >> something both code and application configuration (ie zcml) relies
> >> on. That suggests that registering permissions in a GS profile is too
> >> late in the game.
> >>
> >> To me it makes a lot more sense to register permissions and their 
> >> default roles in zcml.
> > 
> >    Good point. But... how do you do that, then? :) There is a 'grant' 
> > directive in Zope 3 defined in 'zope.app.securitypolicy', but this 
> > package is not part of Zope 2.10 (nor Zope 2.11). Is there something 
> > else I can use in Zope 2 to define permission/roles mappings?
> 
> The application is responsible for defining permissions and using them
> to protect objects / methods.  Five enables using the stock
> zope.security stuff to define permissions in ZCML, and to associate them
> with interfaces / attributes.  See:
> 
>  - $ZOPE_HOME/lib/python/Products/Five/permissions.zcml
> 
>  - $ZOPE_HOME/lib/python/zope/security/meta.zcml
> 
>  - $ZOPE_HOME/lib/python/zope/app/security/meta.zcml
> 
> GenericSetup is responsible for capturing the "placeful" mapping of
> permissions to roles (as set on the ZMI "security" tab).

As far as I know that only maps existing Z2 permissions to Z3
permissions. It does not allow you to register new Z2 permissions.

Wichert.

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


More information about the Zope-CMF mailing list