[Zope] Setting Local Roles from Python

Chris Price cprice@orbik.com
27 Nov 2001 17:17:43 -0600


you can do this type of thing via the method

manage_setLocalRoles(self, userid, roles, REQUEST=none)

you can check out the source in lib/python/AccessControl/Role.py

but basically, if 'Manager' is in the roles list that you pass to the
function, the user will have Manager access to that object.

one catch is that whatever object that you have call
'manage_setLocalRoles' will need to have the correct permission to call
it.  I think it is the 'Manage Users' or 'Change Permissions'
permission.  This should only be an issue if you are trying to add the
role programatically as opposed to manually.  You can also set up a
'proxy role' on the object that is going to be calling
manage_setLocalRoles--that way the user doesn't necessarily have to have
'Manager' role in order to invoke your call to 'manage_setLocalRoles'.

I have created a product called 'ZLocalRolesManager' that I am thinking
about cleaning up and releasing on zope.org.  Its purpose is to provide
an easy way for you to allow users to assign local roles on objects. 
The way it works is, you create an instance of it, and set a property
called allowed_roles.  allowed_roles has type 'lines' and contains a
list of roles that you want it to allow the user to dole out.

then you can set up a view in a zclass, or just set up a DTML method
that calls the LocalRolesManager, and your users will have the ability
to assign local roles.  They will only be able to assign the specified
roles, so you can prevent them from handing out 'Manager' roles, etc.,
if you choose.

it's a very simple product but it has been very useful to me... if
anyone is interested in it shoot me an e-mail, and that will encourage
me to clean it up and post it on zope.org. :)

chris

On Tue, 2001-11-27 at 17:03, Keith Alperin wrote:
> Greetings!  I am relatively new to Zope, and have benefited greatly from
> following this mailing list.  Currently, I have a Member product which
> (among other things) stores information about the members of my site.  I
> am trying to figure out how to set the local role of a specific user to
> be the manager of a specific Member object (so that the user can manage
> their own Member object, but no others.)  Unfortunately, I have not been
> able to find any information on how to do this from my product.  Any
> assistance would be greatly appreciated.
> 
> Warmest Regards,
> Keith R. Alperin
> 
> 
> 
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists - 
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )