[Product-Developers] collective.autopermission: make you <permission /> statements work

Martin Aspeli optilude+lists at gmail.com
Wed Mar 11 16:55:26 UTC 2009


Hi all,

Right now, when you declare a <permission /> in ZCML, it does not create 
a permission. It creates a Zope 3 style IPermission utility, and if this 
has a title that matches a Zope 2 style permission, then Five's security 
policy will make sure that any Zope 3 code using the permission gets the 
right permission checks. But that's it. You can't create new permissions 
like this, which I think is what a lot of people expect.

Well... now you can. I've released collective.autopermission. Simply add 
this to your setup.py, and add this line to your configure.zcml:

  <include package="collective.autopermission" />

With this in place, your <permission /> ZCML statements will create a 
Zope 2 style permission for the 'title' that was declared in ZCML, if 
one does not exist already. You can use it in rolemap.xml or in your 
code, e.g. with getSecurityManager().checkPermission().

The new permission will default to being granted to Manager only. If you 
want to change this site-wide, you should use rolemap.xml as normal to 
set up permissions at the root of your Plone site.

One day, I hope this will be unnecessary, if we can push the relevant 
changes into Zope/Five. For now, I hope this is useful.

See: http://pypi.python.org/pypi/collective.autopermission

Martin
-- 
Author of `Professional Plone Development`, a book for developers who
want to work with Plone. See http://martinaspeli.net/plone-book





More information about the Product-Developers mailing list