I have what I think is a fairly simple use case for my Plone site. I want to
be able to add a local role dynamically based on two factors - the content of
the object, and a given external condition. So I've written a local role
plugin, where getRolesInContext() checks these two factors and returns either
an empty list or a list containing one item - the new role. This seems to work
well. It's the checkLocalRolesAllowed() method I'm having problem with. My
logic looks like:
if object has specific content:
if external condition is true:
>From looking at the PlonePAS code, it appears that the PloneUser class
through all of the LocalRole plugins, and continues until one of the plugins
returns something other than None. But what happens is that the user is still
denied access to the object. If I change the last return to "1", the user can
access the object, but naturally gets access to everything else as well.
Am I missing some basic logic here?
Zope-PAS mailing list