[Zope] list of naive questions

Chris McDonough chris@iqgroup.com
Sun, 10 Oct 1999 20:57:21 -0400


Hmmm. I see.  So you're looking to create a role per-instance that has
*only* the rights to that permission and execute the method by proxying as
that role.  Taking a look at the source generated by the "Define
Permissions" tab of the Zope management interface and other places:

- There exists a method called "manage_defined_roles" which I assume to be
present for all objects.  You can add this to your *Class_add method in the
zclass that creates the instance.  It looks like you call it like this
(within the method you're trying to add a role to -- untested --):

<dtml-call "manage_defined_roles?role=rolename">

- There exists another method called "manage_role" which adds permissions
to your role and accepts arguments something like this (again, untested):

<dtml-call "manage_role?role_to_manage=rolename&permissions:list=permissionname">

- And finally, there exists a method, "manage_proxy", that will allow you to
assign a proxy role to a method; it looks like you call it something like
this:

<dtml-call "manage_proxy?roles:list=role">

You know that at least three roles exist from the root of any default
Zope 2.x installation (anonymous, manager, owner); personally, however, I
might try not to create a new role for that method, unless you're very, very
concerned about security and you'd like to limit the role to that action
only.  I'd probably just give the permission to the manager role and proxy
as manager.  You're probably smarter, I'm just lazy :).

HTH,

Chris


-----Original Message-----
From: bruce@perens.com
To: bruce@perens.com; chris@iqgroup.com; zope@zope.org
Sent: 10/10/99 8:26 PM
Subject: RE: [Zope] list of naive questions

From: Chris McDonough <chris@iqgroup.com>
> Why do you want to export a role with your product?

Because the proxy method needs only _one_ permission, and I would set that
permission in the role, and not hassle the administrator with the need to
create it. All administrators who use the product will have to do the exact
same thing - create a role with one permission, which is a pretty good
definition of when software should do something for you.

I have an object that users are allowed to create, but not modify afterward.
But the usual method of creating objects in Zope is to create them and then
modify their properties. Thus, there has to be a "constructor" method that
can be called by unprivileged users and has permission to modify the
properties of an object it's just created.

	Thanks

	Bruce
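
The trade-off discussed in this thread (a dedicated one-permission proxy role versus proxying as manager), as an added example that is not part of the original messages and is not Zope code: a simplified Python model in which a method's proxy roles replace the caller's roles for permission checks inside that method. The role name WidgetInitializer, the permission names and all function names are hypothetical.

```python
# Simplified model of proxy roles; NOT Zope's implementation.
# Roles, permissions and names below are constructed for illustration.
ROLE_PERMISSIONS = {
    "Anonymous": {"View", "Add Widgets"},
    "Manager": {"View", "Add Widgets", "Manage properties",
                "Delete objects", "Manage users"},
    # Hypothetical role shipped by the product: exactly one permission.
    "WidgetInitializer": {"Manage properties"},
}


class Unauthorized(Exception):
    pass


def allowed(permission, user_roles, proxy_roles=()):
    """Inside a method with proxy roles, those roles replace the caller's."""
    roles = set(proxy_roles) if proxy_roles else set(user_roles)
    return any(permission in ROLE_PERMISSIONS[r] for r in roles)


def reachable(proxy_roles):
    """Every permission the method body can exercise under these proxy roles."""
    return set().union(*(ROLE_PERMISSIONS[r] for r in proxy_roles))


def constructor(user_roles, proxy_roles, extra_action=None):
    """Create an object and set its properties on behalf of the caller.

    extra_action stands for anything else the method body could end up
    doing (a bug or a later careless edit); it shows the proxy's reach.
    """
    if not allowed("Add Widgets", user_roles):  # entry check uses the caller
        raise Unauthorized("Add Widgets")
    done = ["created"]
    steps = ["Manage properties"] + ([extra_action] if extra_action else [])
    for perm in steps:
        if not allowed(perm, user_roles, proxy_roles):
            raise Unauthorized(perm)
        done.append(perm)
    return done


if __name__ == "__main__":
    print(constructor(["Anonymous"], ["WidgetInitializer"]))
    print(sorted(reachable(["WidgetInitializer"])))
    print(sorted(reachable(["Manager"])))
```

Both proxy choices let an unprivileged caller run the constructor; they differ only in what else the method body is able to do while it runs.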