[Zope] fine grained, dynamic permissions based on attribute values

Robert Boyd robert.h.boyd at gmail.com
Fri Oct 21 21:39:45 EDT 2005


On 10/18/05, Chris Crownhart <chris at shiftzz.com> wrote:
> Good day,
>
> I am wondering if/how I could control the permissions on an object based
> on the value of an attribute.
>
> So, as an example, I have multiple users, and multiple values for the
> category field.  I would like User A to access the object if the
> category ='financial', and User B access the object if the
> category='other'.

If, as Mark asked, different users with different access privileges
have different roles, then how about writing a condition (TALES
expression) for the View action of your content type? Something along
the lines of

python: member and (member.has_role('Accountant') and
context.category=='financial') or (member.has_role('Editor') and
context.category=='other')

Don't quote me on the exact expression, though, you should test that.

Rob


More information about the Zope mailing list