Custom permissions¶
Description
Creating special permissions for your product
If you want to protect certain actions in your product by a special permission, you most likely will want to assign this permission to a role when the product is installed.
First the permission is defined in zcml. It includes an example how to use the permission in a browser page
<configure
xmlns="http://namespaces.zope.org/zope"
xmlns:browser="http://namespaces.zope.org/browser">
<permission
id="myproduct.mypermission"
title="MyProduct: MyPermission"
/>
<browser:page
for="*"
name="myexampleview"
class="browser.MyExampleView"
permission="myproduct.mypermission"
/>
</configure>
Now you can use the permission both as a Zope 2 permission ('MyProduct: MyPermission') or a Zope 3 permission ('myproduct.mypermission'). The only disadvantage is that you can't import the permissionstring as a variable from a permissions.py like from Products.CMFCore.permissions.
Use Generic Setup's rolemap.xml to assign the new permission to roles. This defines the defaults. With the use of (custom) workflows this mapping may change.
<?xml version="1.0"?>
<rolemap>
<permissions>
<permission name="MyProduct: MyPermission"
acquire="True">
<role name="Manager"/>
<role name="Site Administrator"/>
<role name="Owner"/>
<role name="Contributor"/>
</permission>
</permissions>
</rolemap>
A new permission will be added to the whole Zope instance by calling setDefaultRoles on it. This step is only rarely needed, i.e. if the permission must be available outside of Plone Site.
Define the following code in your __init__.py:
from Products.CMFCore.permissions import setDefaultRoles
setDefaultRoles('MyProduct: MyPermission', ('Manager', 'Owner',))