On Fri, Sep 08, 2006 at 10:12:34AM +0400, Denis Shaposhnikov wrote:
> >>>>> "Stephan" == Stephan Richter <[EMAIL PROTECTED]> writes:
> Stephan> You cannot grant permissions via ZCML to principals that are
> Stephan> located in the ZODB. You have to use the "Grant" view of the
> Stephan> folder for this.
> Oh, that's a bad news. Am I right that Zope3 have principals either
> ZODB or ZCML?
Principals in Zope3 are identified by simple text strings (e.g.
zope.Manager). When a request is processed by the zope server, it tries to
find a IAuthentication utility which has a method to provide credentials
(username, password) returning a principal object which is not persistent
(-> changing attributes on that object wont affect anything after that
Problem ist: When the ZCML-tree is parsed, any <grant>-statement tries to
if a given principal exists. This verification fails for principals provided
by a a PAU- or another Site-Manager-registered IAuthentication utility.
If you want to assign a permission to a principal for the whole zodb, just
do that for the root folder and it will be inherited down the traverse path.
from zope.app.securitypolicy.interfaces import IPrincipalPermissionManager
from zope.app import zapi
The permission-principal-assignment is stored as a simple text-tuple - there's
check for validity of wither the principal's or the permission's id.
Zope3-users mailing list