[Zope-CMF] Re: Allowing content authors to only delete some
content from a folder
Florent Guillaume
fg at nuxeo.com
Wed Oct 22 09:23:35 EDT 2003
> Below is what I added to my content-type:
> -----------------------------------------
>
> from AccessControl import ClassSecurityInfo
> from OFS.ObjectManager import BeforeDeleteException
>
> security = ClassSecurityInfo()
> security.declarePrivate('manage_beforeDelete')
>
> def manage_beforeDelete(self, item, container):
> membership = getToolByName( self, 'portal_membership' )
> user=membership.getAuthenticatedMember()
> roles = user.getRolesInContext(item)
> wftool = getToolByName( self, 'portal_workflow' )
> state = wftool.getInfoFor( self, 'review_state' )
> if state == 'published':
> raise BeforeDeleteException, 'Cant delete a
> published item' + user.getUserName() + str(roles) + str(self)
> BaseTemplate.manage_beforeDelete( self, item, container )
I'd use
user = getSecurityManager().getUser()
which will be quite faster.
You should provide a default to getToolByName if the object is not in a
CMF portal.
You should provide a default value for getInfoFor, in case your object
isn't CMF, doesn't have a workflow or doesn't have a review_state.
Also you should provide a passthrough in the case where Manager is in
the roles, otherwise in some cases even a Manager won't be able to
delete objects.
Florent
--
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87 http://nuxeo.com mailto:fg at nuxeo.com
More information about the Zope-CMF
mailing list