Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Zope: CMF

Customised permissions

  

 
Zope cmf RSS feed   Index | Next | Previous | View Threaded


charlie at begeistert

Jun 3, 2009, 12:58 AM

Post #1 of 5 (466 views)
Permalink
Customised permissions
Hi,

this should be a no-brainer but apart from a recent discussion on the
death of local permissions I can't much on it - how do I use custom
permissions?

I've added them in to zcml but they don't crop up in the security
interfaces and, surprise, surprise, I get an error when I try and
import a role map that uses them.

<permission
id="charlie.can do everything"
title="Only rulerz can have this permission
/>

Do I need additional Python calls to the security modules to register
this? I'm not quite sure if the setDefaultRoles() in
CMFCore.permissions does this or not.

Charlie
--
Charlie Clark
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226



_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests


wichert at wiggy

Jun 3, 2009, 4:05 AM

Post #2 of 5 (431 views)
Permalink
Re: Customised permissions [In reply to]
Previously Charlie Clark wrote:
> Hi,
>
> this should be a no-brainer but apart from a recent discussion on the
> death of local permissions I can't much on it - how do I use custom
> permissions?
>
> I've added them in to zcml but they don't crop up in the security
> interfaces and, surprise, surprise, I get an error when I try and
> import a role map that uses them.
>
> <permission
> id="charlie.can do everything"
> title="Only rulerz can have this permission
> />
>
> Do I need additional Python calls to the security modules to register
> this?

Not if you use collective.autopermission.

Wichert.

--
Wichert Akkerman <wichert[at]wiggy.net> It is simple to make things.
http://www.wiggy.net/ It is hard to make things simple.
_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests


charlie at begeistert

Jun 3, 2009, 4:33 AM

Post #3 of 5 (429 views)
Permalink
Re: Customised permissions [In reply to]
Am 03.06.2009 um 13:05 schrieb Wichert Akkerman:

> Not if you use collective.autopermission.

In which it states:

# This is borrowed from Products.CMFCore to avoid a dependency.

Where it states

# XXX This ought to be in AccessControl.SecurityInfo.

:-/

It looks like I only need use_mailhost_services which I've hooked up
in like this

security = ModuleSecurityInfo('Products.CMFCore.permissions') <-
should this reflect my module?

security.declarePublic('UseMailHostServices')
UseMailHostServices = Permissions.use_mailhost_services

in a dedicated permissions module which I just include in the
configuration. Although I do like the event handling. Wouldn't it be
an idea to put this actually in the CMF?

I also noticed that the CMF permissions are actually declared in Five.
Is there a reason for this? Surely the CMF permission declarations
should be in CMFCore

Charlie
--
Charlie Clark
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226



_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests


optilude+lists at gmail

Jun 3, 2009, 6:47 AM

Post #4 of 5 (428 views)
Permalink
Re: Customised permissions [In reply to]
Charlie Clark wrote:
> Am 03.06.2009 um 13:05 schrieb Wichert Akkerman:
>
>> Not if you use collective.autopermission.
>
> In which it states:
>
> # This is borrowed from Products.CMFCore to avoid a dependency.
>
> Where it states
>
> # XXX This ought to be in AccessControl.SecurityInfo.
>
> :-/


That code is, but not the whole functionality. The functionality to
register Zope 2 style permissions when a <permission /> ZCML statement
is used is new to collectie.autopermission. I merged that back into Zope
for Zope 2.12, so if you're on 2.12 you're in luck. :)

> It looks like I only need use_mailhost_services which I've hooked up
> in like this
>
> security = ModuleSecurityInfo('Products.CMFCore.permissions') <-
> should this reflect my module?
>
> security.declarePublic('UseMailHostServices')
> UseMailHostServices = Permissions.use_mailhost_services
>
> in a dedicated permissions module which I just include in the
> configuration. Although I do like the event handling. Wouldn't it be
> an idea to put this actually in the CMF?

The point is that Zope 2 permissions spring into existence when you
start using them in a Module/ClassSecurityInfo. If nothing imports a
module that has one of those, your permission doesn't exist. Prior to
Zope 2.12, the <permission /> directive only used to map Zope 2
permissions to IPermission utilities, but not actually create new ones.

> I also noticed that the CMF permissions are actually declared in Five.
> Is there a reason for this? Surely the CMF permission declarations
> should be in CMFCore

Sure. Historical reasons.

Martin

--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book

_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests


charlie at begeistert

Jun 3, 2009, 7:56 AM

Post #5 of 5 (429 views)
Permalink
Re: Customised permissions [In reply to]
Am 03.06.2009 um 15:47 schrieb Martin Aspeli:

> That code is, but not the whole functionality. The functionality to
> register Zope 2 style permissions when a <permission /> ZCML statement
> is used is new to collectie.autopermission. I merged that back into
> Zope
> for Zope 2.12, so if you're on 2.12 you're in luck. :)

er, coughs, goes red - still on 2.10 for this project but there is a
chance we might update. Main difference would be the add views which
are all based on yuppie's CMF 2.1+ stuff which has since changed.

>> It looks like I only need use_mailhost_services which I've hooked up
>> in like this
>>
>> security = ModuleSecurityInfo('Products.CMFCore.permissions') <-
>> should this reflect my module?
>>
>> security.declarePublic('UseMailHostServices')
>> UseMailHostServices = Permissions.use_mailhost_services
>>
>> in a dedicated permissions module which I just include in the
>> configuration. Although I do like the event handling. Wouldn't it be
>> an idea to put this actually in the CMF?
>
> The point is that Zope 2 permissions spring into existence when you
> start using them in a Module/ClassSecurityInfo. If nothing imports a
> module that has one of those, your permission doesn't exist. Prior to
> Zope 2.12, the <permission /> directive only used to map Zope 2
> permissions to IPermission utilities, but not actually create new
> ones.

Thanks for the explanation. So without the event handler I need to
register the permission manually? That would explain what we're
observing.

>> I also noticed that the CMF permissions are actually declared in
>> Five.
>> Is there a reason for this? Surely the CMF permission declarations
>> should be in CMFCore
>
> Sure. Historical reasons.


Can't argue with them! ;-)

Charlie
--
Charlie Clark
Helmholtzstr. 20
Düsseldorf
D- 40215
Tel: +49-211-938-5360
GSM: +49-178-782-6226



_______________________________________________
Zope-CMF maillist - Zope-CMF[at]lists.zope.org
http://mail.zope.org/mailman/listinfo/zope-cmf

See https://bugs.launchpad.net/zope-cmf/ for bug reports and feature requests

Zope cmf RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact lists@gossamer-threads.com
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.