http://developer.plone.org/reference_manuals/external/plone.app.dexterity/advanced/permissions.html

In the documentation, I see this,

"Note: All permissions need to be defined before the line in configure.zcml. Otherwise, you may get errors trying to use the permission with a grok.require() directive.

The permissions.zcml file looks like this:

<configure
    xmlns="http://namespaces.zope.org/zope"
    i18n_domain="example.conference">

    <permission
        id="example.conference.AddSession"
        title="example.conference: Add session"
        />

    <permission
        id="example.conference.ModifyTrack"
        title="example.conference: Modify track"
        />

</configure>

New permissions are granted to the Manager role only by default. To set a different default, we can use the rolemap.xml GenericSetup import step, which maps permissions to roles at the site root.

In profiles/default/rolemap.xml, we have the following:

<?xml version="1.0"?>
<rolemap>
  <permissions>
    <permission name="example.conference: Add session" acquire="True">
      <role name="Owner"/>
      <role name="Manager"/>
      <role name="Member"/>
      <role name="Contributor"/>
    </permission>
    <permission name="example.conference: Modify track" acquire="True">
      <role name="Manager"/>
      <role name="Reviewer"/>
    </permission>
  </permissions>
</rolemap>

Note: This file uses the Zope 2 permission title instead of the shorter Zope 3 permission id."

Can Plone's Dexterity be programmed to use a database? What if I had thousands of users? That's a lot of XML files to keep up with, when I have it in Active Directory already, or a MySQL database. I want to keep buttons and other webpage items from being displayed based upon their security. Dexterity appears to do that.

Thanks.

EDIT: Thank you for clearing up my confusion between users and roles, as the users are kept in a repository like an LDAP server.

Am I correct that after I have my roles and users set up, all I have to do is wrap my HTML thusly (after defining the Python code as below):

"As an example, let’s display a message on the view of a Session type if the user has the cmf.RequestReview permission. In session.py, we update the View class with the following (same page),

from zope.security import checkPermission

class View(dexterity.DisplayForm):
    grok.context(ISession)
    grok.require('zope2.View')

    def canRequestReview(self):
        return checkPermission('cmf.RequestReview', self.context)

And in the session_templates/view.pt template, we add:

<div class="discreet"
     tal:condition="view/canRequestReview"
     i18n:translate="suggest_review">
    Please submit this for review.
</div>

"

johnny
  • You are misunderstanding how roles and permissions work. Roles are *not* individual users, they are specific roles a user can 'play'. – Martijn Pieters Aug 16 '13 at 20:26
  • A user can be a manager, and a reviewer, and a contributor, for example. – Martijn Pieters Aug 16 '13 at 20:26
  • You can see them as groups of permissions, grouped by the type of task you need to perform. – Martijn Pieters Aug 16 '13 at 20:27
  • This all has nothing to do with how users are stored. Plone.org stores user accounts in an LDAP server, for example. – Martijn Pieters Aug 16 '13 at 20:28
  • Are all the roles in the database unless I want to customize them? Do I have to use the xml files for anything? – johnny Aug 16 '13 at 20:29
  • The XML files are *one* method to configure and register the roles your system knows about. Roles are stored in the ZODB object database. See http://docs.zope.org/zope2/zope2book/Security.html for an overview of how all this works. – Martijn Pieters Aug 16 '13 at 20:36
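
Added example (not part of the question or the comments, and not Plone's own code): a simplified model of the point made in the comments, that rolemap.xml maps permissions to roles and never names a user. It parses the rolemap.xml quoted in the question and resolves permissions for two constructed accounts; the account names, `BROAD_ROLES` and the function names are assumptions, and acquisition and local roles are not modelled.

```python
import xml.etree.ElementTree as ET

# rolemap.xml exactly as quoted in the question.
ROLEMAP_XML = """<?xml version="1.0"?>
<rolemap>
  <permissions>
    <permission name="example.conference: Add session" acquire="True">
      <role name="Owner"/>
      <role name="Manager"/>
      <role name="Member"/>
      <role name="Contributor"/>
    </permission>
    <permission name="example.conference: Modify track" acquire="True">
      <role name="Manager"/>
      <role name="Reviewer"/>
    </permission>
  </permissions>
</rolemap>"""

# Roles typically held by large groups of accounts (assumption for this audit).
BROAD_ROLES = {"Anonymous", "Authenticated", "Member"}

def parse_rolemap(xml_text):
    """Return {permission title: set of role names} from a rolemap.xml string."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): {r.get("name") for r in p.findall("role")}
            for p in root.iter("permission")}

def permissions_for(user_roles, rolemap):
    """Permission titles granted to any of the user's roles (site-root map only)."""
    return {perm for perm, roles in rolemap.items() if roles & set(user_roles)}

def broad_grants(rolemap):
    """Permissions the map hands to a broad role, with the roles involved."""
    return {perm: roles & BROAD_ROLES
            for perm, roles in rolemap.items() if roles & BROAD_ROLES}

# Constructed accounts: the role sets stand in for whatever the user source
# (LDAP, Active Directory, SQL) resolves to; the rolemap never names a user.
USERS = {"alice": {"Member"}, "bob": {"Reviewer", "Contributor"}}

if __name__ == "__main__":
    rolemap = parse_rolemap(ROLEMAP_XML)
    for name, roles in USERS.items():
        print(name, sorted(permissions_for(roles, rolemap)))
    print("granted to broad roles:", broad_grants(rolemap))
```

Adding a thousand more entries to `USERS` changes nothing in the XML; only a new permission or a changed role grant does.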
