[Zope] [Security] When are permissions accessible to scripts in skins?
Jean Jordaan
jean@upfrontsystems.co.za
Tue, 20 May 2003 13:52:56 +0200
Hi all
In my product's __init__.py, I register the permission
'Manage OrganisationPosition':
context.registerClass(
OrganisationPosition.OrganisationPosition,
permission = 'Manage OrganisationPosition',
constructors = (
OrganisationPosition.manage_addOrganisationPositionForm,
OrganisationPosition.manage_addOrganisationPosition),
)
The product contains skins, which include scripts I want to protect
with permissions I define. I use a file 'script.py.security'
containing:
Manage OrganisationPosition:acquire:Manager,Administrator
This results in the following error:
2003-05-20T13:42:13 ERROR(200) DirectoryView Error setting permission
from .security file information
Traceback (innermost last):
File [...]/Products/CMFCore/DirectoryView.py, line 293, in
prepareContents
File /usr/local/zope/Zope-2.6.1-src/lib/python/AccessControl/Role.py,
line 174, in manage_permission
(Object: position_add)
Invalid Permission: The permission <em>Manage OrganisationPosition</em>
is invalid.
Is this intended behaviour? What permissions are valid for inclusion
in .security files? If I use the "View" permission, I get no error.
Regards,
--
Jean Jordaan
http://www.upfrontsystems.co.za