[Zope] CopySupport methods permissions - do they make sense?

Dave Parker dparker@globalcrossing.com
Thu, 04 Nov 1999 11:31:27 -0600


David Kankiewicz wrote:

> > Problem is, I'd also *like* to copy or clone an index_html page into the
> > user's new folder.
> >
> What you want is under the Proxy management tab.
> 
> Set up a role, in the "security" tab, that has "View management screens"
> and go to the proxy tab in the method or document and select the role you
> created, press "change".
> 

Good idea, but it doesn't seem to work.  I set the method to have a
proxy role of Manager (should work for sure, then I'll narrow it down
later).  But it fails with a permission error on the paste part of a
clone operation.  I looked in CopySupport (again) as it's failing in 
_verifyObjectPaste(self, ob, REQUEST).  Here's the salient bit:


            if hasattr(meth, '__roles__'):
                roles=meth.__roles__
                user=REQUEST.get('AUTHENTICATED_USER', None)
                if (not hasattr(user, 'has_role') or
                    not user.has_role(roles, self)):
                    raise 'Unauthorized', (
                          """You are not authorized to perform this
                             operation."""
                          )
                return

...which, to my very untrained eye, suggests that your approach would
work provided the user in question has one of the roles associated with
the method.  Which would be fine, but how would I assign a role to an
anonymous user?

If I can't do that, I'm back to "there should be a separate permission"
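
A simplified, runnable model of the branch of `_verifyObjectPaste` quoted in the message above, added here as an illustration and not Zope's own code: it shows that the quoted check decides only on the roles of `AUTHENTICATED_USER`, so a proxy role on the calling method is never read by it. The `User` class, `protected_meth`, and the `proxy_roles` attribute are constructed stand-ins.

```python
class Unauthorized(Exception):
    """Stands in for the string exception raised in the quoted code."""


class User:
    """Constructed stand-in for a user object exposing has_role()."""

    def __init__(self, name, roles):
        self.name = name
        self.roles = tuple(roles)

    def has_role(self, roles, obj=None):
        # True when the user holds at least one of the required roles.
        if isinstance(roles, str):
            roles = (roles,)
        return any(role in self.roles for role in roles)


def verify_paste(meth, request, container=None):
    """Model of the quoted branch: only the request's user is consulted."""
    if hasattr(meth, '__roles__'):
        roles = meth.__roles__
        user = request.get('AUTHENTICATED_USER', None)
        if not hasattr(user, 'has_role') or not user.has_role(roles, container):
            raise Unauthorized('You are not authorized to perform this operation.')
        return


def protected_meth():
    """Hypothetical method guarded by a role list."""


protected_meth.__roles__ = ('Manager',)


class CallingMethod:
    """Hypothetical method carrying a proxy role (assumed attribute name)."""
    proxy_roles = ('Manager',)  # never read by verify_paste


def attempt(user, caller=None):
    # 'caller' is accepted to show that its proxy role changes nothing here.
    request = {'AUTHENTICATED_USER': user}
    try:
        verify_paste(protected_meth, request)
        return 'allowed'
    except Unauthorized:
        return 'Unauthorized'
```
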