[Zope] fine grained, dynamic permissions based on attribute values

Mark Gibson mark at kaivo.com
Tue Oct 18 13:16:39 EDT 2005


On Tue, 2005-10-18 at 11:05, Chris Crownhart wrote:
> Good day,
> 
> I am wondering if/how I could control the permissions on an object based 
> on the value of an attribute.  I am using CMF, and thus portal_catalog, 
> and have built a custom content type.  My type has a category field.  I 
> would like to control the view permission of the object dynamically 
> based on the value of category.
> 
> So, as an example, I have multiple users, and multiple values for the 
> category field.  I would like User A to access the object if the 
> category ='financial', and User B access the object if the 
> category='other'.
> 
> Thanks for any ideas.


I assume user A and B have different roles?  Instead of dynamically controlling the permission, could you set the permission on the object explicitly when the object is edited?

e.g.

def manage_edit(self, ...):
   ...
   if REQUEST.get('category') == 'other':
       self.set_permission_so_user_B_can_access()
   elif REQUEST.get('category') == 'financial':
      self.set_permission_so_user_A_can_access()



More information about the Zope mailing list