[Zope-dev] Folder Subclassing Problem

James W. Howe jwh@allencreek.com
Thu, 24 Feb 2000 12:20:19 -0500


At 05:35 AM 2/24/00 -0500, Martijn Pieters wrote:
>From: James W. Howe [mailto:jwh@allencreek.com]
>
>[Synopsis:
>       Created a subclass of Folder
>       Defined my own manage_main
>       Created instance of my folder subclass
>       Defined a new role for the folder and permitted the role to view
>            management screens, contents, but nothing else.
>       Tested for superuser and things worked.
>       Tested for my custom role and only saw the index_html]
>
>I still don't know for sure, as I don't have the time to investigate,
>but I think there are some problems with the security interface, making
>security too tight. It just doesn't work as expected.
>
>Try this: Create your Role and user in the top-level acl_users folder.
>Then give that Role permission to view management screens either on the
>top-level folder or on your own product.

I tried what you suggested above, but the results were the same.  I then 
decided to comment out the code in my subclass where I define my 
manage_main (i.e. manage_main = HTMLFile(...)).  I reran my tests and this 
time both my superuser and my custom role were able to see the management 
interface and the contents screen (aka manage_main).  For some reason, when 
my subclass uses its own manage_main, the permissions don't seem to work 
properly.  Further evidence of this comes from some debugging I did in 
Management.py.  I stepped through the filtered options code.  When the 
"contents" object was asked for its roles, it answered 
"Manager".  Naturally, when the user wasn't the manager, this option got 
filtered out because the user didn't have access to it.  In my security 
screen, I have View management screens, and Access contents information 
checked for both my manager and my custom role.  I then modified my code to 
eliminate my definition of manage_main and instead use the one defined by 
ObjectManager.  I then stepped through the debugger once again.  This time, 
when the roles of the manage_main object were given, it came back as a 
collection of 'Manager', 'Publisher' (my new role), 'Manager'.  I'm still 
investigating why this might be happening.

James W. Howe				mailto:jwh@allencreek.com
Allen Creek Software, Inc.		pgpkey: http://ic.net/~jwh/pgpkey.html		
Ann Arbor, MI  48103