On Wed, Feb 25, 2009 at 16:43, Martin Aspeli <optilude+li...@gmail.com> wrote:
> I think the fact that this workaround is necessary is a bug. The
> <permission /> directive is supposed to be used to declare new
> permissions, but it does not do that fully in Zope 2. An easy bug fix
> would be to put something like this into Five:
>
>     <subscriber
>         for="zope.security.interfaces.IPermission
>              zope.component.interfaces.IRegistered"
>         handler=".permissions.create_permission"
>         />
>
>
> def create_permission(permission_utility, event):
>     permission = permission_utilty.title
>     roles = ()
>     registered = _registeredPermissions
>     if not registered.has_key(permission):
>         registered[permission] = 1
>         Products.__ac_permissions__=(
>             Products.__ac_permissions__+((permission,(),roles),))
>         mangled = pname(permission)
>         setattr(ApplicationDefaultPermissions, mangled, roles)
>
> The body of this function is copied from CMF's setSecurityInfo.
>
> It'd also be nice if you could set up some app-root roles using the
> <grant /> directive from zope.securitypolicy, though I don't really know
> how that would work yet.
>
> What do you think? Could we put this in as a bugfix?

+1

This has annoyed me too, the subscriber seems like a neat solution.

-- 
Lennart Regebro: Pythonista, Barista, Notsotrista.
http://regebro.wordpress.com/
+33 661 58 14 64
_______________________________________________
Zope-Dev maillist  -  Zope-Dev@zope.org
http://mail.zope.org/mailman/listinfo/zope-dev
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope-announce
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to