[Erp5-report] r41864 romain - /erp5/trunk/products/Vifib/Tool/SlapTool.py
nobody at svn.erp5.org
nobody at svn.erp5.org
Wed Dec 29 17:45:01 CET 2010
Author: romain
Date: Wed Dec 29 17:45:00 2010
New Revision: 41864
URL: http://svn.erp5.org?rev=41864&view=rev
Log:
Configure permissions on slap_tool.
Only give AccessContentPermission to Member, to prevent any anonymous access.
Modified:
erp5/trunk/products/Vifib/Tool/SlapTool.py
Modified: erp5/trunk/products/Vifib/Tool/SlapTool.py
URL: http://svn.erp5.org/erp5/trunk/products/Vifib/Tool/SlapTool.py?rev=41864&r1=41863&r2=41864&view=diff
==============================================================================
--- erp5/trunk/products/Vifib/Tool/SlapTool.py [utf8] (original)
+++ erp5/trunk/products/Vifib/Tool/SlapTool.py [utf8] Wed Dec 29 17:45:00 2010
@@ -104,6 +104,23 @@ class SlapTool(BaseTool):
security = ClassSecurityInfo()
allowed_types = ()
+ security.declarePrivate('manage_afterAdd')
+ def manage_afterAdd(self, item, container) :
+ """Init permissions right after creation.
+
+ Permissions in slap tool are simple:
+ o Each member can access the tool.
+ o Only manager can view and create.
+ o Anonymous can not access
+ """
+ item.manage_permission(Permissions.AddPortalContent,
+ ['Manager'])
+ item.manage_permission(Permissions.AccessContentsInformation,
+ ['Member', 'Manager'])
+ item.manage_permission(Permissions.View,
+ ['Manager',])
+ BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
+
####################################################
# Public GET methods
####################################################
More information about the Erp5-report
mailing list