Re: [Zope-dev] several permissions for the same method
Chris Withers wrote: > You could just check for the permissions specifically, here's a quote > from Folder.py in Zope 2.2: Yes. though it seems odd to create permissions not protecting any method that are just meant to be checked. calling a method that the current user is not not allowed to access raises Unauthorized for you. I can just check 'manually' the permission if I want to display a specific message. thanks for your comments [EMAIL PROTECTED] ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
Jephte CLAIN wrote:
You could just check for the permissions specifically, here's a quote
from Folder.py in Zope 2.2:
> checkPermission=getSecurityManager().checkPermission
>
> if createUserF:
> if not checkPermission('Add User Folders', ob):
> raise 'Unauthorized', (
> 'You are not authorized to add User Folders.'
> )
> ob.manage_addUserFolder()
>
> if createPublic:
> if not checkPermission('Add Documents, Images, and Files', ob):
> raise 'Unauthorized', (
> 'You are not authorized to add DTML Documents.'
> )
> ob.manage_addDTMLDocument(id='index_html', title='')
>
> if REQUEST is not None:
> return self.manage_main(self, REQUEST, update_menu=1)
Any help?
cheers,
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
Dieter Maurer wrote:
> Jephte CLAIN writes:
> > I have the scenario where a user can edit *its* data but not other
> > users's data, unless he has a special role. however, the method used to
> > edit one's data is the same.
> Can you not use the "Owner" role for this?
I suppose not, because data is taken from a SQL database, so everyone
could potentially trash others' data
Oleg advised to make edit_data unpublishable and to write wrappers
around it. However, I have thought of another way to do it. Whether it
is better or not, I like it because I do not have to rewrite edit_data
that much.
__ac_permissions__ = (
('Use edit_data', ('edit_data', )),
('Edit one\'s data', ('check_perm_1', )),
('Edit others\' data', ('check_perm_2', )),
)
check_perm1 and check_perm_2 are do-nothing methods that are protected
by the permissions. In edit_data, I call them as appropriate to check
for the user's permissions.
any comments?
regards,
[EMAIL PROTECTED]
___
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )
Re: [Zope-dev] several permissions for the same method
On Wed, 19 Jul 2000, Jephte CLAIN wrote: > I have the scenario where a user can edit *its* data but not other > users's data, unless he has a special role. however, the method used to > edit one's data is the same. > So I make sure inside the edit_data method that the user has the > adequate permissions if he tries to edit another one's data. Make edit_data unpublishable (remove docstring, rename it to _edit_data) and write two wrappers for it - one for own data, one for other's data. Protect these wrappers with different sets of permissions. Oleg.(All opinions are mine and not of my employer) Oleg Broytmann Foundation for Effective Policies [EMAIL PROTECTED] Programmers don't die, they just GOSUB without RETURN. ___ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
