[Zope-dev] Objects, Roles and Permissions

Randall F. Kern randy@spoke.net
Tue, 10 Apr 2001 10:03:35 -0700


I haven't worked with this code closely in a few months, but as I recall
permissions that are acquired are stored as a list, and those that
aren't are stored as a tuple.

if type(self._View_Permission) =3D=3D type(()):
	# done, this permission isn't acquired above this point

Furthermore, I may be missing the point of this thread, but if you are
trying to get the list of all roles assigned to a permission (from a
python product), you could use this:

from AccessControl.PermissionRole import rolesFromPermissionOn

roles =3D rolesFromPermissionOn('View', ob)


-Randy


> -----Original Message-----
> From: Danny William Adair [mailto:Danny@Adair.net]
> Sent: Monday, April 09, 2001 7:49 PM
> To: richard@bizarsoftware.com.au
> Cc: zope-dev@zope.org
> Subject: Re: [Zope-dev] Objects, Roles and Permissions
>=20
>=20
> Thank you very much, Richard! Cool!
>=20
> Still...
>=20
> >>> ...
> >>> Feel free to expand the method to other roles
> >>> and the full suite of permissions.
> >>> ...
>=20
> Other *roles*? Roles are what's coming back, isn't it?
>=20
> >>>     def viewPermissions(self, acquired=3D0):
> >>>         ''' walk up the acquisition path to find a=20
> _View_Permission
> >>>             attribute...  possibly _only_ the acquired=20
> permissions.
> >>>         '''
> >>>         chain =3D self.aq_chain
> >>>         if acquired:
> >>>             chain =3D chain[1:]
> >>>         for self in chain:
> >>>             if hasattr(self.aq_base, '_View_Permission'):
> >>>                 return self._View_Permission
> >>>         return ['Manager']
>=20
> "possibly _only_ the acquired permissions" - oops! Your=20
> snippet worked fine
> _if_ the view permission was acquired by that object. As soon=20
> as I turned
> off acquisition for the view permission of the object, it=20
> would still give
> me the acquired roles (that in fact were'nt acquired).  What=20
> does the "if"
> statement look like that would return the object's own roles=20
> for the View
> Permission if acquisition was turned off? Naive Danny who=20
> doesn't know s...
> tried to put
>=20
> if hasattr(self.aq_base, '_View_Permission'):
>     return self._View_Permission
>=20
> at the beginning of your code, but no effect. :-(
>=20
> But now I see how to access specific permissions and read=20
> their content (do
> I? I'll experiment with it), thank you very much! I will put a
> string.replace on top and pass the Permission to examine by string
> parameter, and call that whole stuff "getAllowedRoles".
>=20
> A "getGrantedPermissions" for examining a role should work=20
> similarly, right?
>=20
> def ac_inherited_permissions(self, all=3D0):
>=20
> set all to 1 and then... iterate through the list (tuple or=20
> list? list of
> tuples?) and check every "_current_Permission" if it contains=20
> the role?
>=20
> Thx once again,
> Danny
>=20
> btw: Isn't return['Manager'] at the end of your code obsolete=20
> (but safe)? Or
> is there anything special going on at the root level
> (isTopLevelPrincipiaApplicationObject)?
>=20
>=20
> _______________________________________________
> Zope-Dev maillist  -  Zope-Dev@zope.org
> http://lists.zope.org/mailman/listinfo/zope-dev
> **  No cross posts or HTML encoding!  **
> (Related lists -=20
>  http://lists.zope.org/mailman/listinfo/zope-announce
>  http://lists.zope.org/mailman/listinfo/zope )
>=20