[Setup] Security settings for Plone Plugin

abadger dave at netfm.org
Wed Feb 2 22:48:50 UTC 2011

Happy to read a reference on where to set security settings for a plugin -
or a porting guide for plugins to 4.0.2. Or any plugin guide. Is the
following on the right track ?

Thx dave


Setting Up Permissions

A fundamental concept when dealing with Web sites is that everything and
everybody is untrusted. Before any property is accessed or any method is
called, you must first check if the party wanting to perform an action is
allowed to do so. In most systems, three permissions exist: the permission
to add an item, the permission to delete an item, and the permission to edit
an item. One other permission applies to Plone: the right to view an item
through the Web (or other protocol). The containing folder handles deleting,
which is a permission handed out in Plone to the containing folder. If you
can delete anything in the folder, you can then also delete the content type
you're adding here.

This leaves you with three permissions to worry about. It's normal to use
the ones that come with the CMFCore package: Add portal content, Modify
portal content, and View. Returning to the config file, you can add the
permissions you need, like so:

from Products.CMFCore import CMFCorePermissions
add_permission = CMFCorePermissions.AddPortalContent
edit_permission = CMFCorePermissions.ModifyPortalContent
view_permission = CMFCorePermissions.View

View this message in context: http://plone.293351.n2.nabble.com/Security-settings-for-Plone-Plugin-tp5983031p5986869.html
Sent from the Installation, Setup, Upgrades mailing list archive at Nabble.com.

More information about the Setup mailing list