[Zope] confused on permissions and roles
Roché Compaan
roche at upfrontsystems.co.za
Thu Jul 1 08:03:32 EDT 2004
John Hunter wrote:
>>>>>>"Roché" == Roché Compaan <roche at upfrontsystems.co.za> writes:
>
>
> Roché> You got the first part right and that is making security
> Roché> declarations on your class, but you still have to specify
> Roché> security on the folder instance by going to the security
> Roché> tab and giving 'Administrator' the required permissions or
> Roché> writing code that does this automatically when you create
> Roché> the folder.
>
> Essentially my question is - can I do this step in code and if so how?
> I have a lot of objects and roles and its not practical to manually
> set the default permissions for each role in the web interface each
> time a new instance of my product is created. Essentially I want to
> define these defaults in my product code.
Yes, all classes subclassing RoleManager has a manage_permission method
that can be used to change permissions. You could for instance put the
following in manage_afterAdd of your class to give only Manager and
Administrator the 'View' permission and prevent this permission from
being acquired:
roles = ['Manager', 'Administrator']
self.manage_permission('View', roles, acquire=0)
Notice that permissions are set on the instance and if you change your
security policy in future you will have to write an update script that
fixes permissions on objects affected by the policy change.
--
Roché Compaan
Upfront Systems http://www.upfrontsystems.co.za
More information about the Zope
mailing list