I have what I think is a fairly simple use case for my Plone site.  I want to 
be able to add a local role dynamically based on two factors - the content of 
the object, and a given external condition.  So I've written a local role 
plugin, where getRolesInContext() checks these two factors and returns either 
an empty list or a list containing one item - the new role.  This seems to work 
well.  It's the checkLocalRolesAllowed() method I'm having problem with.  My 
logic looks like:

if object has specific content:
  if external condition is true:
    return 1
    return None
return None

>From looking at the PlonePAS code, it appears that the PloneUser class 
through all of the LocalRole plugins, and continues until one of the plugins 
returns something other than None.  But what happens is that the user is still 
denied access to the object.   If I change the last return to "1", the user can 
access the object, but naturally gets access to everything else as well.  

Am I missing some basic logic here? 


Stan McFarland

Zope-PAS mailing list

Reply via email to