[Zope-dev] Re: [Zope-CMF] registerClass ignoring permissions defined in the class?
Dieter Maurer
dieter@handshake.de
Fri, 18 Jul 2003 21:24:53 +0200
Jean Jordaan wrote at 2003-7-18 16:35 +0200:
> For the second time in a couple of months, I found myself
> wrestling with security on FSPythonScripts (and eventually
> thinking hell with it, and just moving the functionality
> to a class method). Anyway, I found this, which looks like
> an inconsistency between docs and implementation:
>
> In ProductContext.registerClass the docstring says:
>
> permissions -- Additional permissions to be registered
> If not provided, then permissions defined in the
> class will be registered.
>
> However, registerClass only handles permissions that are
> passed in:
>
> if permissions:
>
> It doesn't look at permissions defined in the class at all. Am
> I missing something?
I think these permissions are registered already be "InitializeClass".
There should be no need for "registerClass" to do something special
for this.
> The reason I thought this matters is that this works fine in a
> CMF .metadata file:
> ...
> but this doesn't:
>
> """
> [security]
> Use LDAPService=1:Anonymous
> """
>
> AccessControl.Role.manage_permission complains:
> "Invalid Permission: The permission <em>Use LDAPService</em> is invalid."
> The permission does, however, show up on the ZMI security tab,
> and if I set it for Anonymous on a parent of the script, the script
> executes fine.
This indicates for me that "Use LDAPService" has been registered.
I would debug why "manage_permission" complains.
Dieter