[Zope-dev] Re: [Zope-CMF] registerClass ignoring permissions defined in the class?

Dieter Maurer dieter@handshake.de
Fri, 18 Jul 2003 21:24:53 +0200


Jean Jordaan wrote at 2003-7-18 16:35 +0200:
 > For the second time in a couple of months, I found myself 
 > wrestling with security on FSPythonScripts (and eventually
 > thinking hell with it, and just moving the functionality 
 > to a class method). Anyway, I found this, which looks like
 > an inconsistency between docs and implementation:
 > 
 > In ProductContext.registerClass the docstring says:
 > 
 >         permissions -- Additional permissions to be registered
 >            If not provided, then permissions defined in the
 >            class will be registered.
 > 
 > However, registerClass only handles permissions that are 
 > passed in:
 > 
 >         if permissions:
 > 
 > It doesn't look at permissions defined in the class at all. Am
 > I missing something?

I think these permissions are registered already be "InitializeClass".
There should be no need for "registerClass" to do something special
for this.

 > The reason I thought this matters is that this works fine in a
 > CMF .metadata file:
 > ...
 > but this doesn't:
 > 
 > """
 > [security]
 > Use LDAPService=1:Anonymous
 > """
 > 
 > AccessControl.Role.manage_permission complains: 
 > "Invalid Permission: The permission <em>Use LDAPService</em> is invalid."
 > The permission does, however, show up on the ZMI security tab, 
 > and if I set it for Anonymous on a parent of the script, the script 
 > executes fine.

This indicates for me that "Use LDAPService" has been registered.
I would debug why "manage_permission" complains.


Dieter