[Product-Developers] collective.autopermission: make you <permission /> statements work
Martin Aspeli
optilude+lists at gmail.com
Wed Mar 11 16:55:26 UTC 2009
Hi all,
Right now, when you declare a <permission /> in ZCML, it does not create
a permission. It creates a Zope 3 style IPermission utility, and if this
has a title that matches a Zope 2 style permission, then Five's security
policy will make sure that any Zope 3 code using the permission gets the
right permission checks. But that's it. You can't create new permissions
like this, which I think is what a lot of people expect.
Well... now you can. I've released collective.autopermission. Simply add
this to your setup.py, and add this line to your configure.zcml:
<include package="collective.autopermission" />
With this in place, your <permission /> ZCML statements will create a
Zope 2 style permission for the 'title' that was declared in ZCML, if
one does not exist already. You can use it in rolemap.xml or in your
code, e.g. with getSecurityManager().checkPermission().
The new permission will default to being granted to Manager only. If you
want to change this site-wide, you should use rolemap.xml as normal to
set up permissions at the root of your Plone site.
One day, I hope this will be unnecessary, if we can push the relevant
changes into Zope/Five. For now, I hope this is useful.
See: http://pypi.python.org/pypi/collective.autopermission
Martin
--
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book
More information about the Product-Developers
mailing list