05 Feb 2003 16:43:48 -0500
On Tue, 2003-02-04 at 12:05, Sally Owens wrote:
> Apologies if this is something that has been covered on this list (I've
> only just joined but a quick glance at the archives didn't answer my
> We want to create a user role of 'Web Manager' in our CMF site and we want
> this user to be able to create new users but only new users *with a
> particular role* i.e. we don't want someone in a 'Web Manager' role to be
> able to create a new user and assign them the role of 'Manager', but we do
> want them to be able to assign the role of 'Web Editor' to a new user (the
> web editor role has fairly limited permissions).
> This is really a question about devolving responsibility I guess. We don't
> want to have to set up every new user and assign them a role - we want web
> managers to be able to set up users (for their team), but not for them to
> be able to set up very powerful user roles for these users. Is there a way
> of either restricting a permission (so that the permission to add a new
> user could be restricted to only allow the creation of users with certain
> roles) or an easy way of adding a new permission to the security tab list
> (so that we could have some sort of 'create a new Web Editor user' permission)?
> All advice gratefully appreciated!
The brute force approach would be to write an ExternalMethod (e.g,
loaded as '/psth/to/site/portal_skins/custom/createWebEditor'), which
can do all the appropriate checking, and call all the "disallowed"
methods, which you need.
Tres Seaver firstname.lastname@example.org
Zope Corporation "Zope Dealers" http://www.zope.com