• Roel Bruggink

Adding Zope 2 permissions using ZCML and GS

How to add Zope 2 permissions without a Zope 2 package (Install.py) and just use ZCML and Generic Setup.

Short story

To add Zope 2 permissions without creating a Zope 2 package and adding them manually in the Install.py file, we configure the permissions in the main configure.zcml file of our package, or in a dedicated permissions.zcml. Then we map the permissions to roles and we're done. You might want to take a look at Products.Five's configure.zcml, permissions.zcml and the method create_permission_from_permission_directive in security.py.

Short-ish story

In pre Zope 2.12, we need collective.autopermissions to automate the creation of the defined permissions. Zope 2.12 includes that functionality, so we are almost done :)

In configure.zcml we include permissions.zcml before our profiles.


<include package=".permissions" />

 description="plone.app.collection profile"

Our permissions.zcml contains the definitions of the permissions. Permissions do not need a containing node, so the following will do.

Note: the id attribute is the Zope 3 identifier and title is the Zope 2 identifier.

### permissions.zcml

 title="plone.app.collection: Add Collection"
 title="plone.app.collection: Add something"
 title="plone.app.collection: Add even more"

In our profile we have a rolemap.xml to set the role/permission mappings. Make sure that the name attribute corresponds to the title attribute in permissions.zcml


 name="plone.app.collection: Add Collection"
 <role name="Manager" />
We love code


Wij maken gebruik van cookies. Meer hierover lees je in onze Privacy- cookieverklaring.