On Wed, 19 Jul 2000, Jephte CLAIN wrote:
> I have the scenario where a user can edit *its* data but not other
> users's data, unless he has a special role. however, the method used to
> edit one's data is the same.
> So I make sure inside the edit_data method that the user has the
> adequate permissions if he tries to edit another one's data.

   Make edit_data unpublishable (remove docstring, rename it to _edit_data)
and write two wrappers for it - one for own data, one for other's data.
Protect these wrappers with different sets of permissions.

Oleg.            (All opinions are mine and not of my employer)
    Oleg Broytmann      Foundation for Effective Policies      [EMAIL PROTECTED]
           Programmers don't die, they just GOSUB without RETURN.

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope )

Reply via email to