[Zope] CopySupport methods permissions - do they make sense?
Dave Parker
dparker@globalcrossing.com
Thu, 04 Nov 1999 14:50:59 -0600
Brian Lloyd wrote:
>
> > Yup, it should, but it doesn't (even tried doing proxy Manager on the
> > method). I think something is really honestly broken here. There's a
> > blurb in the CopySupport module that refers to the fact that
> > the various
> > copy methods do their own security, and you can see it in
> > _verifyObjectPaste().
> >
> > In particular, the statement:
> >
> > ...
> >
> > (and the fact that I get stopped here all the time) suggests
> > that it is
> > currently impossible for a user that does not have some role
> > or another
> > to actually perform a copy. Proxy roles don't seem to get
> > past this, and
> > I don't know of a way to assign a role (temporary or otherwise) to an
> > anonymous user.
>
> The _verifyObjectPaste code does its own validation for a
> reason - to paste or rename an object, you *must have the
> permission to add that particular kind of object*. There
> is a bug report in the Collector with regard to proxy roles
> not always percolating down the call stack the way they
> should - I suspect that's the reason that your proxy approach
> didn't work (we'll be looking into that)
Ok - I feel better - at least I wasn't imagining things ;)
> Note that you
> should be able to go to the "Security" tab of a Folder and
> give "Anonymous" the "Add xxx permission" for those types
> of objects that they will need to be able to copy...
Actually I've tried all that - the problem I have is that in order to be
able to use the copy functions I need to have "View management screens"
turned on for anonymous (which I definitely do *not* want to do). I'm
just guessing that it has something to do with:
[...]
class CopyContainer(ExtensionClass.Base):
"""Interface for containerish objects which allow cut/copy/paste"""
__ac_permissions__=(
('View management screens',
('manage_cutObjects', 'manage_copyObjects',
'manage_pasteObjects',
'manage_renameForm', 'manage_renameObject',)),
)
[...]