TODO: remove this file, eventually move code example to a "cookbook" section.
Out of date
This page is out of date. Please visit: Local Roles.
Customizing the sharing feature of Plone
The sample code
- Creates one folder per group, with some groups excluded. The folder is not created if it exists.
- Blocks role inheritance for the group
- Gives edit access to the group through sharing
- Gives view access to the logged in users through sharing
Example is provided as Zope External Method. Create External Method in the target parent folder through ZMI. Then run "Test" for this external method in ZMI.
import traceback from StringIO import StringIO from zope.component import getUtility from plone.i18n.normalizer.interfaces import IURLNormalizer block_groups = ["Administrators","opettajat","kouluttajat","yhteyshenkilot"] def set_sharing(self): try: buffer = StringIO() context = self normalizer = getUtility(IURLNormalizer) site = context.portal_url.getPortalObject() acl = site.acl_users groups = acl.source_groups.getGroupIds() existing_folders = context.objectIds() # Create a folder per each group for g in groups: if g in block_groups: continue print >> buffer, "Doing group:" + g g = g.decode("utf-8") id = normalizer.normalize(g) if not id in existing_folders: context.invokeFactory("Folder", id) folder = context[id] # Set sharing rights # - No inheritance folder.__ac_local_roles_block__ = True # - Group has edit access # - Logged in users have view access except Exception, e: traceback.print_exc(buffer) return buffer.getvalue()
would grant the role "Reader" (Can View on the Sharing Tab) to userid.
Beware that this will set the local roles for the user to only ['Reader']. If the user already has other local roles, this will (untested) clear those.
It will not affect inherited roles.