[Zope-CMF] Security Question

Dieter Maurer dieter@handshake.de
Sun, 24 Feb 2002 17:57:41 +0100


Chris Withers writes:
 > Dieter Maurer wrote:
 > > 
 > >   *  A CMF Site that really cares can easily provide a finer grained
 > >      protection.
 > 
 > How?
You already got the answer to this same question (not from me, but
someone else).

Here is it again, slightly generalized (because it's you who asks :-))

     The permission that controls the creation of a portal content
     type is specified in the product's "initialize" call
     with the function "ContentInit".
   
     The default (in "CMFDefault.__init__") looks like:

	    utils.ContentInit( 'CMFDefault Content'
	                     , content_types=contentClasses
	                     , permission=ADD_CONTENT_PERMISSION
	                     , extra_constructors=contentConstructors
	                     , fti=Portal.factory_type_information
	                     ).initialize( context )
	       
     You can assign separate permissions, by e.g.

	    utils.ContentInit( 'Portal File',
	                       content_types= (File.File,),
			       permission= 'Add portal files',
			       extra_constructors= (File.addFile,),
			       fti= Portal.factory_type_information,
			      ).initialize(context)

	    utils.ContentInit( 'Portal Document',
	                       content_types= (Document.Document,),
			       permission= 'Add portal documents',
			       extra_constructors= (Document.addDocument,),
			       fti= Portal.factory_type_information,
			      ).initialize(context)

	    ....


Probably, you would prefer that the protecting permission becomes
an attribute of the factory type information (I think that would be
great), but you can already now achieve separated permissions
with a bit of (Python based) customization.


Dieter