[Zope-dev] Owner Role and ZCatalog

Jason Spisak webmaster@mtear.com
Thu, 02 Sep 1999 15:44:17 -0800 

Oooooo.

Nice stuff.  The permissions and Roles are a hairy beast to get a hold
of.  I have Users, and Groups, and Assistants who can act just like the
Manager in a certain context.  Is there any definitive place to get an
example of harnessing the true power of Zope's Roles and permissions? 
Right now for a group, I have a 'Group_1' role, and that group has a
Group_Manager.  But I have now way of tying the two together except for
<!--#if "AUTHENTICATED_USER.has_role('Group_Manager') and
AUTHENTICATED_USER.has_role('Group_1')"-->  then tie that into whether
or not htey are the owner, and account for the assistant.  Whew!  Any
help in implementing this would be helpful.

Thanks a bunch!

Jason 

Brian Lloyd wrote:
> 
> > Thanks Brian!
> >
> > This is terrific.  I tried yesterday to test to see if the owner role
> > was working in Zope 2, and I wasn't having any luck.  I tried the:
> > <!--#with myobject-->
> >    <!--#if "AUTHENTICATED_USER.has_role('Owner')"-->
> >        foo
> >    <!--#/if-->
> > <!--#/with-->
> >
> > And no matter who had created the object I got back foo for the Users
> > with the manager role, and nothing for everyone else.
> >
> > Jason
> 
> Yes - note that "local roles" are just that - local to a
> particular object. The has_role method of the User objects
> can take an optional second argument, which is the object
> to be used as context for determining if the User has the
> given role. If the second argument is passed, has_role will
> take local roles into account - otherwise it will only look
> through the roles actually assigned to the User itself.
> 
> If you try:
> 
> <!--#with myobject-->
>    <!--#if "AUTHENTICATED_USER.has_role('Owner', this())"-->
>        foo
>    <!--#/if-->
> <!--#/with-->
> 
> ...then you should get the right answer. This is something that
> needs to go into the API documentation for 2.0. Along these same
> lines, if you ever use the getRoles method of User objects, note
> that this will only give you the roles actually assigned to the
> User. To get the list of the roles of a user taking into account
> the local roles of an object, you can call:
> 
> AUTHENTICATED_USER.getRolesInContext(object)
> 
> Brian Lloyd        brian@digicool.com
> Software Engineer  540.371.6909
> Digital Creations  http://www.digicool.com