Available permissions in Plone¶
What Zope security permissions you have available for your Plone coding
Listing different available permissions¶
Each permission name is a string.
To see available permissions, click Security tab at your site root in Zope Management Interface.
In programming, use pseudoconstants instead of permission string values:
For available ZCML permission mappings see:
Permissions such as
- Permissions such as
or search for the string
files in the eggs folder of your Plone
Example using UNIX grep tool:
grep -C 3 -Ri --include=*.zcml "<permission" *
Permissions are shown by their verbose name in the ZMI.
- This governs whether you are allowed to view some content.
Access Contents Information
- This permission allows access to an object, without necessarily viewing the object. For example, a user may want to see the object's title in a list of results, even though the user can't view the contents of that file.
List folder contents
- This governs whether you can get a listing of the contents of a folder; it doesn't check whether you have the right to view the objects listed.
Modify Portal Content
- This governs whether you are allowed to modify some content.
- This permission allows you to manage the portal. A number of views in the plone control panel are protected with this view. If you plan to write a reusable product, be very hesitant to use this permission, check whether a custom permission might make more sense.
There is no single permission for adding content. Every content type has its own permission. If you create your own content type, create a custom add permission for it.
|Permission name||Permission name for ZCML|
|Access contents information||zope2.AccessContentsInformation|
|List folder contents||cmf.ListFolderContents|
|Modify portal content||cmf.ModifyPortalContent|
To reference a permission in code, you need the name as a string. Using strings is a bad convention, all common permissions have a constant in Products.CMFCore.permissions. So to perform a permission check propery, you do something like this:
from AccessControl import getSecurityManager from AccessControl import Unauthorized from Products.CMFCore import permissions if not getSecurityManager().checkPermission(permissions.ModifyPortalContent, object): raise Unauthorized("You may not modify this object")
All standard permissions from above can be referenced by their Permission name without spaces.