[Zope] Local roles and acquisition
Dieter Maurer
dieter@handshake.de
Wed, 23 Apr 2003 21:06:07 +0200
Etienne Labuschagne wrote at 2003-4-23 10:01 +0200:
> I have the following problem regarding local roles and acquisition:
>
> Folder structure:
>
> A------B------index_html
> |
> ----worker
>
>
> A and B are folders, worker is an object with some handy methods. These
> methods are declared protected with security.declareProtected('Manage
> properties').
>
> The index_html in B uses some of the functions in worker, so whoever is
> using index_html must have a role that has the permission 'Manage properties'.
>
> When I assign a local role to someone in folder B that has the permission
> 'Manage properties', I still cannot access the protected methods in
> worker.
Your diagram is not completely clear but I suppose "worker" is in
"A" (and not in "B").
Then, the behaviour you observe is as it should be.
When you call a protected method on an object, the
user must have the necessary permission (mapped to roles) on
*THAT* object.
Local roles (like other security settings) are only
acquired via containment (i.e. statically with respect to
the site structure) and not via context.
Dieter