I have a Folder-like object, which inherits ObjectManager and
PropertyManager, in addition to the acquisition and persistence
classes, and inside I have an instance of class which is a direct
descendant of SimpleItem.
In the SimpleItem-like object, I have a method, let's call it
'test', which is protected by permission 'TestItem' (via a declarative
security statement). In addition, the entire object is covered by
permission 'Access TestItem', and the parent folder-like object is
covered by permission 'Access Test'. Both of the access permissions
are visible to the anonymous user.
A sample implementation of those classes can be found at:
Suppose now I create an instance of the Test folder, and inside
I put a user folder and a TestItem instance. I also create a role,
'TestRole' which is comprised of the 'TestItem' permission. Then I
create a user which has only 'TestRole'.
Next, I log in as this user, and I attempt to access the method
'test' in my TestItem instance. This attempt succeeds, so I'm
presuming the Zope authentication machinery has successfully
determined the roles and permissions of this user, and the permissions
on the method I'm trying to access.
Now let's try to access method 'permissions'. Defined in the
folder-like class Test, this method uses permissionsOfRole to display
all permissions given to a certain user. What it should show upon
invocation is the permission 'TestItem' since this is the only
permission our user has been given, but instead is doesn't show
anything, because permissionsOfRole returns an empty set of
On the other hand, if one is to create a DTML form that invokes
permissionsOfRole (or uses the one in manage_access), the correct
permissions are displayed. Can anyone venture to guess where's the
Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -