Hi all,
I understand permissions and proxying, but I feel like mentally
challenged when trying to understand the following Define permissions
tab in ZClass:
*********
This interface is used to define how the operations of this object (or
objects that acquire permission settings from this
object) correspond to the operations defined by your product or ZClass.
The table below has two columns. The first column lists the permissions
for this object. The second column specifies the
permissions that should have this permission in this product or ZClass.
For ZClass methods, only permissions that are
defined for the ZClass are permitted.
In general, any permissions that include operations that change (mutate)
an object should be disabled.
The listing below shows the current permission mappings for this item.
*********
I've read the online help but it still makes no sense. Could someone
rephrase it in plain English? Or perhaps give an example or two?
Zope blocks all my attempts of calling manage_changeProperties because
of insufficient permissions. The property belongs to a subfolder
contained in a Z Class contained in a Product. The
manage_changeProperties is called from a method "changeLST" belonging to
the Z Class.
Zope also blocks attempts to display the property using simple
<dtml-var> from a method "display" belonging to the Z Class.
1. If I map "Manage properties" permission from (disabled) to "View"
permission, does that mean that anyone who has "View" permission (i.e.
even anonymous users) can manage properties here?
2. Is the Define permissions the right place to solve this? Which one?
A. the Define permissions tab of the containing Product?|
B. Permission tab of ZClass? (the Manage properties is already listed
as "inherited")
C. the Define permissions tab of ZClass (Manage properties is mapped
to (disabled))
D. the Define permissions tab of the subfolder (this tab actually
displays ../propertysheets/methods/subfolder, and Manage properties is
mapped to (disabled))
E. the Define permissions tab of "changeLST" method.
After a few experiments, it looks like:
- to allow anyone run the "display" method, D is right. ("Access
contents information" assign to "View")
- to allow anyone run the changeLST method, E is right ("Manage
properties" assign to "View")
To sum it up, the Define permission says "what right (in the second
column) must user possess in order to be able to do the thing specified
in the first column". And also: "If the second column does not have a
specific permission you need, you have to go to the containing Z Class,
click on Permissions and add the desired permission in the 'Class
permissions' list box."
Frankly, the sentence "The second column specifies the permissions that
should have this permission in this product or ZClass." from the online
help still makes no sense to me. Is my translation to plain English
correct? I'm very, very confused :-)
--
Milos Prudek
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
