[Zope] Preventing acquiring a permission
Toby Dickenson
tdickenson@geminidataloggers.com
Thu, 19 Sep 2002 08:13:16 +0100
On Thursday 19 Sep 2002 1:05 am, John K. Hohm wrote:
> Quoting Toby Dickenson <tdickenson@geminidataloggers.com>:
> > On Wednesday 18 Sep 2002 4:00 am, John K. Hohm wrote:
> > > I am using Zope 2.5.1, and writing a product with a folderish class=
=2E I
> > > want to be able to prevent acquiring a permission from one role, wh=
ile
> > > still acquiring it from another role (if the user gets that role
> > > locally).
> > >
> > > I suppose it could work by preventing the user from acquiring a rol=
e;
> > > is there already some sensible way of doing that?
> >
> > It sound like you are trying to abuse a standard permission. Is the
> > problem something like: your folderish product uses properties to con=
trol
> > its behaviour, but you dont want to let some users control properties=
of
> > all sub-objects?
>
> No, that's not it at all. I want all authenticated users to have
> permissions to list the contents of the /auto folder, but I want a user=
to
> have permissions to the /auto/foo, /auto/bar, etc. folders and their
> contained items only if they have a role local to one of those folders.
=46rom what I can see thats exactly the same as my example, assuming the =
top=20
level folder is your new folderish product.
I suggest you create a new "list contents of top-level folder" permission=
,=20
change your folderish product so that this permission controls the releva=
nt=20
methods, then grant this permission to everyone.
> As
> it happens I am assigning the local roles with a BasicUser modification=
by
> virtue of a user having a role whose name is related to the name of the
> folder, say foo_dogs or bar_dogs.
Thats cool.
> > Perhaps a better way would be to define a new permission, call it "Ch=
ange
> > MyFolderishThing Properies", and leave the permission acquisition sys=
tem
> > to work as normal.
>
> I want the standard permissions to work normally within one folder, but=
I
> want to avoid standard permissions being used to do standard things wit=
h
> standard objects contained by folders beneath that folder, unless those
> folders have local roles that re-grant the standard permissions.
Why is it critical to use the standard permission on that top level folde=
r?