[Zope] Question about __ac_permissions__ and more generally...

Tres Seaver tseaver@palladion.com
Thu, 14 Jun 2001 21:40:07 -0400


Michel Pelletier <michel@digicool.com> wrote:

> On Thu, 14 Jun 2001, Bocquillon Philippe wrote:
> 
>> In the following piece of Python code for Zope:
>>
>> __ac_permissions__=(
>> ('View management screens', ('manage_main',)),
>> ('View', ('', 'index_html', 'update',
>> 'show_source','view_image','picture',)),
>> ('Change', ('manage_edit',), ('Manager',)),
>> )
>>
>> Could you tell me:
>>
>> 1) What does the first "empty" method ('') associated to the View permission
>> mean?
> 
> 
> The default view.  Synonymous with index_html


This spelling defines the "default permission" for instances of
the class:  it ends up setting the '__roles__' for the class (and
therefore for its instances).  This setting is only really important
when the object *itself* expects to be published (i.e., it is
callable, and defines 'index_html' to be None).  If the instance
has or acquires an 'index_html', then that method may have its own
'__roles__', which will apply, rather than the ones set on the
object (the last one found during traversal applies).

Check out AccessControl.SecurityInfo.declareObjectProtected();
under the covers, it is doing the exact same thing, but its
name makes the intent clearer.

Tres.

--

===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org