[Zope-dev] __ac_permissions__

Chris Withers chrisw@nipltd.com
Sun, 04 Jun 2000 18:54:51 +0100


Hi,

The ac_permissions for Squishdot currently looks like this:

    __ac_permissions__=Folder.__ac_permissions__+(     
        ('Manage postings', ['manage_delete',    
                             'manage_postings',
'recatalogPostings']),     
        ('Add postings', ['addPosting'], ('Anonymous', 'Manager')),     
        )     

So how come someone with only the following permissions:

 Access contents information  
 Add postings 
 Manage postings  
 View 

can view manage_main and execute the updateIndexing method, even though
that's not mentioned anywhere?

What I'd like to have is for people with the 'Manage postings'
permission to be able to view the manage_postings form (the 'Postings
Tab) as the only tab in the /manage view as well as execute
manage_delete and recatalogPostings ONLY.

How do I do this? Do I use __ac_permissions__ or do I have to manaually
check things in the updateIndexing method? (which won't work for
manage_main...)

Is there any documentation on __ac_permissions__ other than in the Old
Product API?

cheers,

Chris