You are here: Home Blog Topics zcml

zcml

Sep 13, 2010

Adding a Zope 3 permission to Plone

by Mike Cullerton — last modified Sep 13, 2010 04:15 PM

We recently migrated a Plone 2 site to Plone 3. This site had more than a hundred skins files. While migrating one of them to a Zope 3 browser view, we needed a new permission to protect the view, and at first it wasn't apparent how to do it. But, of course, it ended up as easy as 1-2-3.

Quick Overview

We recently migrated a Plone 2.1 site to Plone 3.3. While moving a skins file to a browser view, we needed a new permission to protect the browser view. Browser views need a named Zope 3 style permission, so the old Zope 2 style permission wouldn't work. It ended up taking 3 steps; declare the permission in zcml, assign the permission to a role in rolemap.xml, and use the permission to protect your view.

 

Step-by-step

Step 1: Declare the permission in ZCML

Most people declare the permissions in permissions.zcml and include that file in configure.zcml. But you can declare the permission in configure.zcml and just include permissions.zcml. Note that id is the zope 3 style identifier, and title is the zope 2 style identifier. The title shows up on the security tab in the ZMI.

src/your.product/your/product/browser/permissions.zcml:

    <permission 
       id="myproduct.myNewPermission"
       title="MyProduct: My New Permission"
       />

 

Step 2: Assign the permission to a role

Assign the permission to a role in rolemap.xml. Here, I assign my new permission to the manager role.

src/your.product/your/product/profiles/default/rolemap.xml:

    <permission name="MyProduct: My New Permission">
       <role name="Manager" />
    </permission>

 

Step 3: Protect your view with the new permission

In configure.zcml protect your view with the new permission. Here, I'm protecting the class MyClass in the file common.py. We chose to put the permissions from Step 1 into permissions.zcml, so we include it here. Note that the permission must be the same as the id in Step 1.

src/your.product/your/product/browser/configure.zcml:

<include file="permissions.zcml" />
<browser:page
    for="Products.CMFPlone.interfaces.IPloneSiteRoot"
    name="myName"
    class=".common.MyClass"
    permission="myproduct.myNewPermission"
    />

 

As usual, the community developer manual at http://plonemanual.twinapex.fi/ was very helpful.

 
 
Copyright © 2003-2017 Core Software Group | 303/809-1001 | Fort Collins, Colorado | All rights reserved.