[Zope3-Users] Trusted adapters and annotated security
Frank Burkhardt
fbo2 at gmx.net
Wed Jun 14 07:24:14 EDT 2006
Hi,
Is there a general way make an adapter 'inherit' annotated security permissions
from the object it adapted?
Some more information:
I've got an adapter IMyInterface->IAnnotatable. It's registered like this:
<adapter
for="mpgsite.workflow.interfaces.IAnnotatable"
factory=".annotatableadapter.MyAdapter"
provides=".interfaces.IMyInterface"
trusted="true"
/>
<class class=".annotatableadapter.MyAdapter>
<require
permission="zope.ManageContent"
interface=".interfaces.IMyInterface"
/>
</class>
Usually no user has 'zope.ManageContent' permission on anything. I applied
annotated security permissions on a single content object to provide 'johndoe'
with zope.manageContent permission for just this single object:
from zope.app.securitypolicy.interfaces import IPrincipalPermissionManager
perms=IPrincipalPermissionManager(self.context)
perms.grantPermissionToPrincipal('zope.ManageContent','johndoe')
'johndoe' is now able to i.e. call views like:
<page name="test.html"
for=".interfaces.IMyObject"
permission="zope.ManageContent"
/>
on this object. The object has an addition view:
class MyView(BrowserView):
def __call__(self):
adapter=IMyInterface(self.context)
adapter.method()
'method' is a method defined in IMyInterface but 'johndoe' is unable to successfully call MyView -
adapter.method() raises an Unauthorized exception.
Regards,
Frank
More information about the Zope3-users
mailing list