[Zope] Simpleton requests help - what's this mapping malarkey ?:)

Kevin Dangoor kid@kendermedia.com
Sun, 19 Sep 1999 17:22:09 -0400


-----Original Message-----
From: chas <panda@skinnyhippo.com>
To: zope@zope.org <zope@zope.org>
Date: Sunday, September 19, 1999 5:21 PM
Subject: [Zope] Simpleton requests help - what's this mapping malarkey ?:)


>eg. Ok, so let's look at a typical "define permissions" page :
>
>    - Access contents information      <disabled>
>    - Change DTML Methods              <disabled>
>    - Change permissions               <disabled>
>    - Change proxy roles               <disabled>
>    - Delete objects                   <disabled>
>    - FTP access                       <disabled>
>    - Manage properties                <disabled>
>    - View                             <view>
>    - View management screens          <disabled>
>
>OK, so "view management screens" is now disable and nobody can
>view them. Fair enough.  But say I want to enable them, why
>would I want to map "view management screens" to anything
>other than, er, "view management screens" ? And where is the
>correlation between this action and a user's identity ?

I think the idea here is that you may wish to factor out permissions a bit
more. Perhaps the standard "view management screens" permission works fine
for most objects, but you have a particular widget that you want to handle
more specifically. So, you can set map the permission to "View Widget
Screens". Then, users whose role gives them the "view management screens"
permission is free to do so with standard items, but they can't view those
screens for your Widget class unless their role specifically gives them
"View Widget Screens" permission.

Sure, you could muddle with the Security tab of each instance so that only
the right people can view the management screens... but, using a mapping
like this, you can set it at a higher level in the hierarchy and be done
with it.

Hope this helps/makes sense...

Kevin