[Zope-dev] Permission Question

[Dieter Maurer]

Andre Schubert writes:
 > i have i question on the permission-system of zope.
 > Lets say i have a product which contains a zclass "foo" and i have created
 > a role "foo_role" where every user belonges to this role
 > is able to add "foo" instances. This works fine.
 > But how do i define my permissions so, that all users which belong to
 > "foo_role" are able to delete "foo"-instances.
 > 
 > I created a zope-permission "Delete Foo objects", then i mapped this permission
 > to "Delete objects" in the zclass "foo" like the mapping from "Add Foos" to "Create class instances".
 > But this doesnt work.
"Delete objects" is a permission of the container (containing the objects
to be deleted) and not the objects themselves.

You can make your own object deletion method (script) that applies
the permission checks you want (give it a "Manager" proxy role,
such that it is able to actually delete the objects).


Dieter