Jamie Heilman wrote:
I can't fathom the ZClass code.  Can somebody tell me if manage_addZClass,
manage_addZClassForm, and manage_subclassableClassNames are supposed
to be protected by the 'Add Zope Class' permission, or if the code in
ZClasses/__init__.py is pure fluf?  That permission never shows up in
any folder's security settings that I can see.  VerboseSecurity has
this to say about manage_addZClassForm:

Unauthorized: Your user account does not have the required permission.
Access to 'manage_addZClassForm' of (Product instance at 89189e0)
denied. Your user account, meh, exists at /acl_users. Access requires
one of the following roles: ['Manager'].  Your roles in this context
are ['Authenticated'].

So it doesn't look like there is a named permission associated with
those methods.  I have to wonder if thats intentional.

It is. Older Zope code uses the manage_ prefix to require the Manager role by default. Needless to say, that strategy did not cope well with later enhancements to Zope.


Zope-Dev maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists - http://mail.zope.org/mailman/listinfo/zope-announce
http://mail.zope.org/mailman/listinfo/zope )

Reply via email to