Re: [Zope-dev] several permissions for the same method
Chris Withers wrote: > You could just check for the permissions specifically, here's a quote > from Folder.py in Zope 2.2: Yes. though it seems odd to create permissions not protecting any method that are just meant to be checked. calling a method that the current user is not not allowed to access raises Unauthorized for you. I can just check 'manually' the permission if I want to display a specific message. thanks for your comments [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
Jephte CLAIN wrote: You could just check for the permissions specifically, here's a quote from Folder.py in Zope 2.2: > checkPermission=getSecurityManager().checkPermission > > if createUserF: > if not checkPermission('Add User Folders', ob): > raise 'Unauthorized', ( > 'You are not authorized to add User Folders.' > ) > ob.manage_addUserFolder() > > if createPublic: > if not checkPermission('Add Documents, Images, and Files', ob): > raise 'Unauthorized', ( > 'You are not authorized to add DTML Documents.' > ) > ob.manage_addDTMLDocument(id='index_html', title='') > > if REQUEST is not None: > return self.manage_main(self, REQUEST, update_menu=1) Any help? cheers, Chris ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
Dieter Maurer wrote: > Jephte CLAIN writes: > > I have the scenario where a user can edit *its* data but not other > > users's data, unless he has a special role. however, the method used to > > edit one's data is the same. > Can you not use the "Owner" role for this? I suppose not, because data is taken from a SQL database, so everyone could potentially trash others' data Oleg advised to make edit_data unpublishable and to write wrappers around it. However, I have thought of another way to do it. Whether it is better or not, I like it because I do not have to rewrite edit_data that much. __ac_permissions__ = ( ('Use edit_data', ('edit_data', )), ('Edit one\'s data', ('check_perm_1', )), ('Edit others\' data', ('check_perm_2', )), ) check_perm1 and check_perm_2 are do-nothing methods that are protected by the permissions. In edit_data, I call them as appropriate to check for the user's permissions. any comments? regards, [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
On Wed, 19 Jul 2000, Jephte CLAIN wrote: > I have the scenario where a user can edit *its* data but not other > users's data, unless he has a special role. however, the method used to > edit one's data is the same. > So I make sure inside the edit_data method that the user has the > adequate permissions if he tries to edit another one's data. Make edit_data unpublishable (remove docstring, rename it to _edit_data) and write two wrappers for it - one for own data, one for other's data. Protect these wrappers with different sets of permissions. Oleg.(All opinions are mine and not of my employer) Oleg Broytmann Foundation for Effective Policies [EMAIL PROTECTED] Programmers don't die, they just GOSUB without RETURN. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )