[Zope] how can I enforce my own Delete permission
Sun, 29 Jun 2003 08:53:20 +0200
Am Samstag, 28. Juni 2003 20:07 schrieb Dieter Maurer:
> robert wrote at 2003-6-28 16:53 +0200:
> > ...
> > security.setPermissionDefault('Delete ZehnderRequests', ['Manager',
> > 'Owner' ]
> > ...
> > now my problem:
> > every user has the permission set altough only manager should have it.
> > what am I doing wrong here ?
> There has been a bug with "setPermissionDefault" (search the
> CVS log to check when it was fixed).
> It might (though not very likely) be a difference between a list
> and a tuple. At other places, a list indicates "include acquisition"
> while a tuple means "just these roles without acquisition".
changing to tuples did not help.
In fact whatever I do, setting permissions or not, any user (with no role at
all) does have the permission set.
u = context.acl_users.getUserById('ldf01')
return u.has_permission('Delete ZehnderRequests',
always returns 1
any more hints ?