[Zope-CMF] Content types & user roles question

Tres Seaver tseaver@digicool.com
Sat, 14 Apr 2001 00:30:40 -0400


Adrian Madrid wrote:
> 
> I've been wondering that myself and so far the only
> thing I have come up with is a shameless hack that
> follows.

<shameless hack snipped>

FactoryTypeInformation type objects (FTIs) use the permissions
of the factory method to screen unauthorized users from creating
content of their type.  For instance, if you have a product, CMFFoo,
which exposes a method 'addFoo', and that method is protected by
the permission, 'Add Foos', then only users who have the 'Add Foos'
permission will be able to create Foo instances by calling
'createInstance' on the FTI.

ScriptableTypeInformation type objects (STIs) have an explicit
permission associated with them;  users who don't have that
permission can't invoke 'createInstance' on them.

> In skins/generic you'll find the method
> folder_factories that is called when a member clicks
> on New in their desktops. I have taken part of the
> generated source and added a conditional to let
> different users select depending on their roles.
> General members get to create Folders, Links and
> Favorites while Staff members can create the rest. The
> bit that will interest you the most is:
> 
> <dtml-if "'Staff' in
> _.SecurityGetUser().getRolesInContext(Portal)">
> 
> Thanks to Tres and Nick for their help on finding out
> how to tell if somebody has a certain role.
> 
> WARNING: This method does NOT use the rights mechanism
> and therefore is insecure in that, i.e., normal members
> could still create documents although they will have
> to know zope, dtml, etc.
> 
> Anyway, hope it helps,

Hope that clears up the misunderstanding,

Tres.
-- 
===============================================================
Tres Seaver                                tseaver@digicool.com
Digital Creations     "Zope Dealers"       http://www.zope.org
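
Added example, not part of the original message and not CMF or Zope code: a small Python model of the distinction drawn above between a role test in the skin, which only hides menu entries, and the permission on the factory method, which is what 'createInstance' enforces. 'createInstance' and 'Add Foos' come from the post; the TypeInfo class, its call signature, the helper functions and the role-to-permission tables are constructed assumptions.

```python
class Unauthorized(Exception):
    """Raised when the caller lacks the permission guarding a factory."""

class TypeInfo:
    """Toy FTI: creation is gated by the permission on the factory method."""
    def __init__(self, type_id, permission):
        self.type_id, self.permission = type_id, permission

    def createInstance(self, roles, role_permissions, container, obj_id):
        # Collect every permission granted to any of the caller's roles.
        granted = set()
        for role in roles:
            granted |= role_permissions.get(role, set())
        if self.permission not in granted:
            raise Unauthorized(f"{self.permission!r} required for {self.type_id}")
        container[obj_id] = self.type_id
        return obj_id

# Constructed type registry; 'Add Foos' is the permission named in the post.
TYPES = {t.type_id: t for t in (TypeInfo("Folder", "Add Folders"),
                                TypeInfo("Foo", "Add Foos"))}

def menu_by_role(roles):
    """Template-level filter like the quoted hack: hides entries, enforces nothing."""
    return [tid for tid in TYPES if tid != "Foo" or "Staff" in roles]

def try_create(type_id, roles, role_permissions, container):
    """Call the factory directly, as a request that skips the menu would."""
    try:
        TYPES[type_id].createInstance(roles, role_permissions, container, "x1")
        return True
    except Unauthorized:
        return False

# Constructed role -> permission grants. LOOSE models a site where Member
# was left with 'Add Foos', so only the menu stands in the way.
LOCKED = {"Member": {"Add Folders"}, "Staff": {"Add Folders", "Add Foos"}}
LOOSE = {"Member": {"Add Folders", "Add Foos"}, "Staff": {"Add Folders", "Add Foos"}}

if __name__ == "__main__":
    for label, grants in (("locked", LOCKED), ("loose", LOOSE)):
        print(label, "menu:", menu_by_role(["Member"]),
              "direct Foo create:", try_create("Foo", ["Member"], grants, {}))
```

With the LOCKED grants the member is refused regardless of what the menu shows; with the LOOSE grants the menu still hides Foo but creation succeeds, so the check to audit is the permission mapping, not the template.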