[Zope] Setting Local Roles from Python

Keith Alperin KAlperin@ignitesports.com
Wed, 28 Nov 2001 18:40:15 -0600 

This is exactly what I needed!  There are two things I would like to
clarify for other Newbies:

1)the method that is provided below is taken from the source.  Thus, in
order to call the method you need to omit the 'self' argument:
manage_setLocalRoles(userid, roles, REQUEST=3Dnone)

2) The 'roles' argument is a list, so passing in a string is read as a
list of characters.  Thus, the method call might look like this:
manage_setLocalRoles('myid', ('Manager',), REQUEST=3Dnone)

Thanks so much Chris for your help!

Best,
Keith R. Alperin




 -----Original Message-----
From: 	Chris Price [mailto:cprice@orbik.com]=20
Sent:	Tuesday, November 27, 2001 5:18 PM
To:	Keith Alperin
Cc:	zope@zope.org
Subject:	Re: [Zope] Setting Local Roles from Python

you can do this type of thing via the method

manage_setLocalRoles(self, userid, roles, REQUEST=3Dnone)

you can check out the source in lib/python/AccessControl/Role.py

but basically, if 'Manager' is in the roles list that you pass to the
function, the user will have Manager access to that object.

one catch is that whatever object that you have call
'manage_setLocalRoles' will need to have the correct permission to call
it.  I think it is the 'Manage Users' or 'Change Permissions'
permission.  This should only be an issue if you are trying to add the
role programatically as opposed to manually.  You can also set up a
'proxy role' on the object that is going to be calling
manage_setLocalRoles--that way the user doesn't necessarily have to have
'Manager' role in order to invoke your call to 'manage_setLocalRoles'.

I have created a product called 'ZLocalRolesManager' that I am thinking
about cleaning up and releasing on zope.org.  Its purpose is to provide
an easy way for you to allow users to assign local roles on objects.=20
The way it works is, you create an instance of it, and set a property
called allowed_roles.  allowed_roles has type 'lines' and contains a
list of roles that you want it to allow the user to dole out.

then you can set up a view in a zclass, or just set up a DTML method
that calls the LocalRolesManager, and your users will have the ability
to assign local roles.  They will only be able to assign the specified
roles, so you can prevent them from handing out 'Manager' roles, etc.,
if you choose.

it's a very simple product but it has been very useful to me... if
anyone is interested in it shoot me an e-mail, and that will encourage
me to clean it up and post it on zope.org. :)

chris

On Tue, 2001-11-27 at 17:03, Keith Alperin wrote:
> Greetings!  I am relatively new to Zope, and have benefited greatly
from
> following this mailing list.  Currently, I have a Member product which
> (among other things) stores information about the members of my site.
I
> am trying to figure out how to set the local role of a specific user
to
> be the manager of a specific Member object (so that the user can
manage
> their own Member object, but no others.)  Unfortunately, I have not
been
> able to find any information on how to do this from my product.  Any
> assistance would be greatly appreciated.
>=20
> Warmest Regards,
> Keith R. Alperin
>=20
>=20
>=20
> _______________________________________________
> Zope maillist  -  Zope@zope.org
> http://lists.zope.org/mailman/listinfo/zope
> **   No cross posts or HTML encoding!  **
> (Related lists -=20
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope-dev )