Plone: How to modify permissions on methods
A non-archetypes based PloneSite introduces some strange permissions
I'm working on a project where roles and permissions are pretty thoroughly configured. This means that a user with a specific role is allowed to create a specific piece of content in the portal root but, as my customer noticed, he's not able to *paste* that content there, even though he can paste it everywhere else.
It turns out that the PloneSite inherits some specific permissions on manage_pasteObjects from OFS/CopySupport.py. Archetypes normally fixes this permission in BaseObject.py, but as PloneSite is not an Archetypes-based object, it uses a different permission that's actually rather insane in a Plone context: View management screens.
The following code in my product's __init__.py fixes the permission each time the product is loaded (it's not persisted):
```python
from AccessControl import ClassSecurityInfo
from Globals import InitializeClass
import transaction
from Products.CMFPlone.Portal import PloneSite

# Attach a new ClassSecurityInfo to PloneSite and redeclare the permissions
# that protect the paste, cut and rename methods.
PloneSite._sec = security = ClassSecurityInfo()
security.declareProtected('Add portal content', "manage_pasteObjects")
security.declareProtected('Delete objects', "manage_cutObjects")
security.declareProtected('Modify portal content', "manage_renameObject")
security.declareProtected('Modify portal content', "manage_renameObjects")

# Apply the declarations to the class. This happens at import time only,
# so it has to run again on every startup.
security.apply(PloneSite)
InitializeClass(PloneSite)
transaction.commit()
```
(the commit is perhaps redundant)
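Because the fix is not persisted, it is worth checking that it actually took effect after a restart. The following audit helper is an added example, not code from the original post: it reads the `__ac_permissions__` tuples that Zope classes carry and reports which permission protects each of the four methods. The classes `CopyContainer`, `UnpatchedSite` and `PatchedSite` are constructed stand-ins so the example runs without Zope; the function names are hypothetical, and it assumes permissions were declared with `declareProtected` rather than set directly as `__roles__` attributes.

```python
# Permissions the post's declarations are meant to put in place.
EXPECTED = {
    "manage_pasteObjects": "Add portal content",
    "manage_cutObjects": "Delete objects",
    "manage_renameObject": "Modify portal content",
    "manage_renameObjects": "Modify portal content",
}

def effective_permission(cls, method_name):
    """Return the permission protecting method_name on cls, or None.

    Walks the MRO and reads each class's own __ac_permissions__, so the
    most-derived declaration wins, as it does for attribute lookup.
    """
    for klass in cls.__mro__:
        for entry in vars(klass).get("__ac_permissions__", ()):
            if method_name in entry[1]:  # entry = (permission, names[, roles])
                return entry[0]
    return None

def audit(cls, expected=EXPECTED):
    """Return {method: (actual, wanted)} for every method that mismatches."""
    mismatches = {}
    for method, wanted in expected.items():
        actual = effective_permission(cls, method)
        if actual != wanted:
            mismatches[method] = (actual, wanted)
    return mismatches

# Constructed stand-in for the inherited declaration described in the post.
class CopyContainer(object):
    __ac_permissions__ = (("View management screens", ("manage_pasteObjects",)),)

class UnpatchedSite(CopyContainer):  # constructed: no override applied
    pass

class PatchedSite(CopyContainer):  # constructed: shape left by security.apply()
    __ac_permissions__ = (
        ("Add portal content", ("manage_pasteObjects",)),
        ("Delete objects", ("manage_cutObjects",)),
        ("Modify portal content", ("manage_renameObject", "manage_renameObjects")),
    )

if __name__ == "__main__":
    for cls in (UnpatchedSite, PatchedSite):
        print(cls.__name__, audit(cls) or "OK")
```

In a running instance, pass the real `PloneSite` class to `audit()` after the product has loaded; an empty result means all four declarations are in place.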

