Adding Zope 2 permissions using ZCML and GS
How to add Zope 2 permissions without a Zope 2 package (Install.py) and just use ZCML and Generic Setup.
Short story
To add Zope 2 permissions without creating a Zope 2 package and adding them manually in the Install.py file, we configure the permissions in the main configure.zcml file of our package, or in a dedicated permissions.zcml. Then we map the permissions to roles and we're done. You might want to take a look at Products.Five's configure.zcml, permissions.zcml and the method create_permission_from_permission_directive in security.py.
Short-ish story
In pre Zope 2.12, we need collective.autopermissions to automate the creation of the defined permissions. Zope 2.12 includes that functionality, so we are almost done :)
In configure.zcml we include permissions.zcml before our profiles.
configure.zcml
<include package=".permissions" />
<genericsetup:registerProfile
name="default"
title="plone.app.collection"
directory="profiles/default"
description="plone.app.collection profile"
provides="Products.GenericSetup.interfaces.EXTENSION"
/>
```
Our permissions.zcml contains the definitions of the permissions. Permissions do not need a containing node, so the following will do.
Note: the id attribute is the Zope 3 identifier and title is the Zope 2 identifier.
### permissions.zcml
```xml
<permission
id="plone.app.collection.addCollection"
title="plone.app.collection: Add Collection"
/>
<permission
id="plone.app.collection.addSomething"
title="plone.app.collection: Add something"
/>
<permission
id="plone.app.collection.addEvenMore"
title="plone.app.collection: Add even more"
/>
In our profile we have a rolemap.xml to set the role/permission mappings. Make sure that the name attribute corresponds to the title attribute in permissions.zcml
rolemap.xml
<rolemap>
<permissions>
<permission
name="plone.app.collection: Add Collection"
acquire="True">
<role name="Manager" />
</permission>
</permissions>
</rolemap>