Reputation: 234
I have a dexterity content type and only Site Administrators should be able to edit it. For that I have created an extra permission and granted it to Site Admins. To the xml of the type I have added:
<property name="add_permission">my.product.EditContent</property>
This prevents everybody from creating this type who does not have the appropriate permission. In addition I want to prevent modifying the content and expected something like:
<property name="edit_permission">unimr.subsite.EditTheme</property>
But this does not work. How can I manage this?
Upvotes: 0
Views: 304
Reputation: 3965
The Factory-Type-Information (FTI) of dexterity-based contenttypes declares an add-permission-property in plone.dexterity/plone/dexterity/fti.py, but no edit-permission-property.
If your only requirement is to grant the add-permission to managers and no further refinements are needed, you actually don't need to define a new permission, just grant it right away to managers, like this:
<property name="add_permission">cmf.ManagePortal</property>
For allowing edits only to managers, I'd block the inheritance of local-permission-assignments with this line in the class-declaration of your contenttype:
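from plone.directives import dexterity
class YourDexterityContenttypeClassName(dexterity.Item):
    # Do not acquire local role assignments from parent containers:
    __ac_local_roles_block__ = True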
However, this will also block inherited View- and Review-permissions. If you need to take care of these separately too, another way would be to add an eventlistener on the creation of your contenttype, check the inherited roles and remove the edit-role of it:
from Acquisition import aq_inner


def blockEditors(obj, event):
    """ Remove possibly inherited editor-role.
    """
    context = aq_inner(obj)
    editors = context.users_with_local_role('Editor')
    # For any editor:
    for editor in editors:
        # Get her local-roles:
        roles = list(context.get_local_roles_for_userid(editor))
        # Subtract editor-role of roles:
        roles.remove('Editor')
        if roles:
            # Set roles (the old roles without editor):
            context.manage_setLocalRoles(editor, roles)
        else:
            # Editor was the only local role; manage_setLocalRoles
            # rejects an empty role list, so drop the entry instead:
            context.manage_delLocalRoles([editor])
    # Update changes (once, after all assignments were adjusted):
    context.reindexObjectSecurity()
Managers can edit your contenttypes anyway by default, holding global modify-permissions.
Note: These are expensive calls, and this example only looks for user-assignments; you'll probably have to extend this example to look for the assigned groups, too.
Upvotes: 1
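A way to check the outcome of the two measures in the answer above, as an added example that is not part of the original answer and is not Plone code: a simplified pure-Python model of local-role lookup. It assumes roles are merged from the object up through its parents until an object sets `__ac_local_roles_block__`; `Node`, `strip_editor`, `editors_of` and the sample users are hypothetical names.

```python
# Added example: simplified model of Plone local-role lookup, not Plone code.
# Assumption: roles are merged from the object up through its parents and the
# walk stops at the first object with __ac_local_roles_block__ set.

class Node:
    def __init__(self, name, parent=None, local_roles=None, block=False):
        self.name = name
        self.parent = parent
        self.__ac_local_roles__ = dict(local_roles or {})
        self.__ac_local_roles_block__ = block


def effective_local_roles(obj, userid):
    """Roles userid holds on obj: own assignments plus inherited ones."""
    roles = set()
    node = obj
    while node is not None:
        roles.update(node.__ac_local_roles__.get(userid, ()))
        if node.__ac_local_roles_block__:
            break  # inheritance blocked: ignore everything above this node
        node = node.parent
    return roles


def strip_editor(obj):
    """Drop 'Editor' from the assignments stored on obj itself."""
    for userid, roles in list(obj.__ac_local_roles__.items()):
        remaining = [r for r in roles if r != "Editor"]
        if remaining:
            obj.__ac_local_roles__[userid] = remaining
        else:
            del obj.__ac_local_roles__[userid]  # never keep an empty role list


def editors_of(obj, userids):
    """Audit helper: userids that still effectively hold Editor on obj."""
    return sorted(u for u in userids
                  if "Editor" in effective_local_roles(obj, u))


def build_sample(block=False):
    """Constructed sample: alice/bob assigned on the folder, carol on the item."""
    folder = Node("folder", local_roles={"alice": ["Editor", "Reader"],
                                         "bob": ["Reader"]})
    return Node("theme", parent=folder, block=block,
                local_roles={"carol": ["Editor", "Reader"]})


USERS = ["alice", "bob", "carol"]
```

In this model the block flag cuts off bob's inherited Reader role together with alice's Editor role, and stripping Editor from the item's own assignments does not touch what the folder grants. Running an audit like `editors_of` after either change shows who can still edit.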