Dieter Maurer wrote:
> Jephte CLAIN writes:
> > I have the scenario where a user can edit *its* data but not other
> > users's data, unless he has a special role. however, the method used to
> > edit one's data is the same.
> Can you not use the "Owner" role for this?
I suppose not, because data is taken from a SQL database, so everyone
could potentially trash others' data
Oleg advised to make edit_data unpublishable and to write wrappers
around it. However, I have thought of another way to do it. Whether it
is better or not, I like it because I do not have to rewrite edit_data
that much.
__ac_permissions__ = (
('Use edit_data', ('edit_data', )),
('Edit one\'s data', ('check_perm_1', )),
('Edit others\' data', ('check_perm_2', )),
)
check_perm1 and check_perm_2 are do-nothing methods that are protected
by the permissions. In edit_data, I call them as appropriate to check
for the user's permissions.
any comments?
regards,
[EMAIL PROTECTED]
_______________________________________________
Zope-Dev maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope-dev
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope )