Adding Zope 2 permissions using ZCML and GS
How to add Zope 2 permissions without a Zope 2 package (Install.py) and just use ZCML and Generic Setup.
To add Zope 2 permissions without creating a Zope 2 package and adding them manually in the Install.py file, we configure the permissions in the main configure.zcml file of our package, or in a dedicated permissions.zcml. Then we map the permissions to roles and we’re done. You might want to take a look at Products.Five’s configure.zcml, permissions.zcml and the method create_permission_from_permission_directive in security.py.
In pre Zope 2.12, we need collective.autopermissions to automate the creation of the defined permissions. Zope 2.12 includes that functionality, so we are almost done 😃
In configure.zcml we include permissions.zcml before our profiles.
<include package=".permissions" /> <genericsetup:registerProfile name="default" title="plone.app.collection" directory="profiles/default" description="plone.app.collection profile" provides="Products.GenericSetup.interfaces.EXTENSION" />
Our permissions.zcml contains the definitions of the permissions. Permissions do not need a containing node, so the following will do.
Note: the id attribute is the Zope 3 identifier and title is the Zope 2 identifier.
<permission id="plone.app.collection.addCollection" title="plone.app.collection: Add Collection" /> <permission id="plone.app.collection.addSomething" title="plone.app.collection: Add something" /> <permission id="plone.app.collection.addEvenMore" title="plone.app.collection: Add even more" />
In our profile we have a rolemap.xml to set the role/permission mappings. Make sure that the name attribute corresponds to the title attribute in permissions.zcml
<rolemap> <permissions> <permission name="plone.app.collection: Add Collection" acquire="True"> <role name="Manager" /> </permission> </permissions> </rolemap>