Re: [Zope-dev] manage_addZClass* permission question
Jamie Heilman wrote: Shane Hathaway wrote: It is. Older Zope code uses the manage_ prefix to require the Manager role by default. Needless to say, that strategy did not cope well with later enhancements to Zope. OK. So what about the stuff in ZClasses/__init__.py, pure fluf? After yesterdays App.Permission bug I did a quick grep over the Zope source to make a big list of all used Permissions, and the 'Add Zope Class' in __init__.py is the only one I can't account for. (The one in Draft.py had me confused for a few minutes too before I found out that Drafts are completely disabled at the moment.) It took me a little time to make sense of this one. Then I realized that ZClasses must have been a Zope product at one time. If ZClasses/__init__.py were located at Products/ZClasses/__init__.py, __ac_permissions__ would take effect. Instead, App/Product.py is where you go to add ZClasses, and __ac_permissions__ is a decoy. Ugh. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] manage_addZClass* permission question
Jamie Heilman wrote: I can't fathom the ZClass code. Can somebody tell me if manage_addZClass, manage_addZClassForm, and manage_subclassableClassNames are supposed to be protected by the 'Add Zope Class' permission, or if the code in ZClasses/__init__.py is pure fluf? That permission never shows up in any folder's security settings that I can see. VerboseSecurity has this to say about manage_addZClassForm: Unauthorized: Your user account does not have the required permission. Access to 'manage_addZClassForm' of (Product instance at 89189e0) denied. Your user account, meh, exists at /acl_users. Access requires one of the following roles: ['Manager']. Your roles in this context are ['Authenticated']. So it doesn't look like there is a named permission associated with those methods. I have to wonder if thats intentional. It is. Older Zope code uses the manage_ prefix to require the Manager role by default. Needless to say, that strategy did not cope well with later enhancements to Zope. Shane ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] manage_addZClass* permission question
Shane Hathaway wrote: It is. Older Zope code uses the manage_ prefix to require the Manager role by default. Needless to say, that strategy did not cope well with later enhancements to Zope. OK. So what about the stuff in ZClasses/__init__.py, pure fluf? After yesterdays App.Permission bug I did a quick grep over the Zope source to make a big list of all used Permissions, and the 'Add Zope Class' in __init__.py is the only one I can't account for. (The one in Draft.py had me confused for a few minutes too before I found out that Drafts are completely disabled at the moment.) -- Jamie Heilman http://audible.transient.net/~jamie/ We must be born with an intuition of mortality. Before we know the words for it, before we know there are words, out we come bloodied and squalling with the knowledge that for all the compasses in the world, there's only one direction, and time is its only measure. -Rosencrantz ___ Zope-Dev maillist - [EMAIL PROTECTED] http://mail.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope )