[Zope] Simpleton requests help - what's this mapping malarkey ?:)

chas panda@skinnyhippo.com
Mon, 20 Sep 1999 06:54:28 +0800


Thanks for the rapid response Kevin,

>I think the idea here is that you may wish to factor out permissions a bit
>more. Perhaps the standard "view management screens" permission works fine
>for most objects, but you have a particular widget that you want to handle
>more specifically. So, you can set map the permission to "View Widget
>Screens". Then, users whose role gives them the "view management screens"
>permission is free to do so with standard items, but they can't view those
>screens for your Widget class unless their role specifically gives them
>"View Widget Screens" permission.

Ok, so we need a corresponding "Zope permission" instance. So, here's a 
step-by-step (pretty much following what I can make out of your KmNews
product).
Consider a product MyProduct :

/MyProduct
	/MyClass
		/index_html
		/method2
	/MyClass_add_permission
	/MyClass_factory
	/MyClass_add
	/MyClass_addForm

To add permissions to let method2 change properties :
1) add a Zope Permission to the MyProduct folder. Let's call it
"MyPermission" 
2) go to MyClass and click on the "Permissions" tab.
3) select "MyPermission" from the multiple select list. This is 
   saying 'any instances of this product have the permission MyPermission'.
   This seems to be very much like a role. 
4) go to MyClass and then click on the "Define permissions" tab. 
5) opposite the "Manage Properties" label, select the "MyPermission" 
   ie. allow any instances of the class to manage the properties.

However, I seem to have missed something since nowhere did we specify 
*who* has this permission. (eg. anonymous users, or just managers.). 
Damn, I feel dense.


>Sure, you could muddle with the Security tab of each instance so that only
>the right people can view the management screens... but, using a mapping
>like this, you can set it at a higher level in the hierarchy and be done
>with it.

Actually, I'd have really liked it if there were a security tab on the 
zclass (not the instance) - but I notice that there are no security tabs
there.... only these wonderful "define permission" pages.  Wait, perhaps
that's a clue - why *aren't* there "security" tabs in  zclasses ? I mean,
for something as simple as setting "anonymous user can manage properties",
a standard security tab would have done the job fine.


>Hope this helps/makes sense...

Half way .... and your help is much appreciated.

Do you remember at school there was that annoying kid who stuck his
hand up, asked a question, the teacher replied, yet still he didn't
understand ? I'm that kid :)

chas