[Zope] Permissions and Instances of ZClasses

Dieter Maurer dieter at handshake.de
Tue Nov 1 05:54:52 EST 2005


Dave Case wrote at 2005-10-26 15:32 -0700:
>I'm trying to build a  product through the  ZMI (like the example in
>The Zope Book), I have some DTML methods in a ZClass were I want to be
>able to do a SecurityCheckPermission() on a permission that I have
>defined in the containing product.

What does that mean?

Do you see the corresponding "Permission" object in your product?

> ...
>When I look around in the Permissions and Define
>Permissions of the various objects (both the ZClass, and the DTML
>methods), I don't see my permission in the lists, except for under
>'Class Permissions'  in the Permissions tab for the ZClass (were I
>have highlighted it, which I assume is correct?)
>
>The call to SecurityCheckPermission() looks like this...
>
><dtml-if expr="_.SecurityCheckPermission('Manage Diary',this())">

Do you get any errors (full error information is always vital
when you report problems; in case of "Error"s, this includes
at least "Error type", "Error value" and the traceback!).

But, I suppose that you misunderstand how permissions work (in general
and with ZClasses in particular).

  "SecurityCheckPermission(P,o)" will only return true when
  the current user has permission "P" on object "o".
  The "user -> role" and "role -> permission" mapping determine this
  fact.

  Thus, unless you adapted a "role -> permission" mapping,
  only the Zope "Manager" will have this permission (by default).

A ZClass combines some objects whose methods are protected by
specific permissions. You may want to change these permissions
for your ZClass components. Therefore, you can define permissions
("Define permissions" tab) available for this purpose.
Then, in your specific object, you can use the "Permission mapping"
tab to map the objects permissions to some of your own.

-- 
Dieter


More information about the Zope mailing list