[Zope-CMF] ActionsTool limitations

alan runyan alan runyan" <runyaga@runyaga.com
Wed, 17 Jul 2002 04:05:03 -0500 

NOTE: its 4AM and I'm very tired.

categories for actions are rather limiting.  especially if you consider the
idea of 'overloading' them for your own purposes.
i.e. we (Plone) have several categories used to structure the actions:
globals_tabs, local_tabs, and most interestingly - local_buttons.
local_buttons are used for people to 'more easily' localize their
folder_contents buttons.
but they only work for Managers.  because the permission is ('List folder
contents',) and although Owners have this permission
and Members are Owners of their home folders.  in
CMFCore.ActionsTool.listFilteredActionsFor() there is a hardcoded bit
that dictates the limitation of all categories that need to check
permissions settings:

            if not permissions:
                # This action requires no extra permissions.
                verified = 1
            else:
                if category in ('object', 'workflow') and object is not
None:
                    context = object
                elif category == 'folder' and folder is not None:
                    context = folder
                else:
                    context = portal
                for permission in permissions:
                    # The user must be able to match at least one of
                    # the listed permissions.
                    if _checkPermission(permission, context):
                        verified = 1
                        break

so.  categories started out really being 'context' of the action.  i.e. the
above code basically states: an action can only have a category that is in
['folder','object','workflow'] not to have context be the portal object.

we need to have categories divorced from 'what context we are checking the
permission against'.  so one possible ugly hack is to have a
permission_context which would be one of 'folder,object,portal'.  this would
need to be on each action.  this way we could say, 'my category uses object
to determines its permission settings' or uses folder context to determine
its permission settings.

and finally we need to refactor listFolderContentsFor() becuase its entirely
too complex and overwhelming.  or was it broken into smaller bits before and
inlined back into a whole for speed?  (i dont know function overhead in
python, is it significant? I would imagine not)

so in Plone right now.. I cant have Actions that have a category of
'local_buttons' work unless the Member has ('List folder contents',)
permission in the Portal object itself.  here is a suggestion from magnus:
does this look ok?  with this local_buttons will work.

Index: ActionsTool.py
===================================================================
RCS file: /cvs-repository/CMF/CMFCore/ActionsTool.py,v
retrieving revision 1.27
diff -r1.27 ActionsTool.py
248,249d247
<                 elif category == 'folder' and folder is not None:
<                     context = folder
251c249,250
<                     context = portal
---
>                     context = folder

~runyaga
p.s. sorry I didnt help out with CMF1.3 the past few weeks... personal life
demanded my complete attention