[Zope] Preventing acquiring a permission

John K. Hohm jhohm@acm.org
Wed, 18 Sep 2002 19:05:15 -0500


Quoting Toby Dickenson <tdickenson@geminidataloggers.com>:
> On Wednesday 18 Sep 2002 4:00 am, John K. Hohm wrote:
> > I am using Zope 2.5.1, and writing a product with a folderish class.  I
> > want to be able to prevent acquiring a permission from one role, while
> > still acquiring it from another role (if the user gets that role locally).
> 
> > I suppose it could work by preventing the user from acquiring a role; is
> > there already some sensible way of doing that?
> 
> It sound like you are trying to abuse a standard permission. Is the problem
> something like: your folderish product uses properties to control its 
> behaviour, but you dont want to let some users control properties of all 
> sub-objects?

No, that's not it at all.  I want all authenticated users to have permissions to
list the contents of the /auto folder, but I want a user to have permissions to
the /auto/foo, /auto/bar, etc. folders and their contained items only if they
have a role local to one of those folders.  As it happens I am assigning the
local roles with a BasicUser modification by virtue of a user having a role
whose name is related to the name of the folder, say foo_dogs or bar_dogs.

> Perhaps a better way would be to define a new permission, call it "Change 
> MyFolderishThing Properies", and leave the permission acquisition system to
> work as normal. 

I want the standard permissions to work normally within one folder, but I want
to avoid standard permissions being used to do standard things with standard
objects contained by folders beneath that folder, unless those folders have
local roles that re-grant the standard permissions.