Rigel Di Scala

Reputation: 3230

Modifying read permissions on DublinCore metadata and Plone 4

I have created a custom content-type using Dexterity that works fine. This content should be viewable but its creator kept hidden from unprivileged members.

I can obviously accomplish this by removing the document-byline from the template, but if I append, as a normal member, '/Creator' to the content I can still see the creator.

I can solve this by overriding Products.CMFDefault.DublinCore.DefaultDublinCoreImpl.Creator() and introducing an additional check, of course, but it's dirty and unmaintainable.

What's the best approach to selectively hide content DublinCore metadata from unprivileged users, in the context of Dexterity (if applicable)?

Upvotes: 2

Views: 254

Answers (1)

Rigel Di Scala

Reputation: 3230

Another solution is to redefine Zope security for this context:

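```python
import Globals
from AccessControl import ClassSecurityInfo
from Products.CMFDefault.permissions import ManagePortal

from plone.directives.dexterity import Item


# Attach a fresh security declaration object to the Dexterity Item class.
Item.security = ClassSecurityInfo()
# Require the ManagePortal permission to access the Creator method.
Item.security.declareProtected(ManagePortal, 'Creator')

# Apply the declarations to the class.
Globals.InitializeClass(Item)
```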

This redefines security for the 'Creator' method of dexterity.Item so that only users with the ManagePortal permission can access this information.

However, ajung notes that this might break any code that makes assumptions about the Creator method and doesn't find it, not having the required permission. It also removes all the previous security declarations for this method.

Any other ideas?

Upvotes: 0
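The following is an added example, not code from the question, the answer or Plone: a stand-alone model of what a protected-method declaration does when it is placed on the custom type versus on the shared `Item` base class as in the answer above. It does not import Zope; every function and class name, the default permission and the role mapping are assumptions made for the illustration.

```python
# Stand-alone model of Zope-style method protection; it does not import Zope.
# Every name below is hypothetical and the role mapping is constructed.
PERMISSION_ROLES = {"Manage portal": {"Manager"},
                    "View": {"Anonymous", "Member", "Manager"}}

class Unauthorized(Exception):
    pass

def declare_protected(cls, permission, name):
    # Zope records the guard as a '<name>__roles__' class attribute;
    # the model stores the permission name there.
    setattr(cls, name + "__roles__", permission)

def checked_call(obj, name, roles):
    """Model of checked access such as URL traversal to <object>/<name>."""
    # Assumption: undeclared methods fall back to the "View" permission.
    permission = getattr(obj, name + "__roles__", "View")  # resolved via the MRO
    if not PERMISSION_ROLES[permission] & set(roles):
        raise Unauthorized("%s requires %r" % (name, permission))
    return getattr(obj, name)()

def can_see_creator(obj, roles):
    try:
        checked_call(obj, "Creator", roles)
        return True
    except Unauthorized:
        return False

def make_types():
    class Item(object):           # stands in for the shared base class
        def Creator(self):
            return "rigel"
    class NewsItem(Item):         # an unrelated type on the same base
        pass
    class SecretItem(Item):       # the type whose creator must stay hidden
        pass
    return Item, NewsItem, SecretItem

def scoped_vs_base():
    member = ["Member"]
    # Declared on the custom type only: other types keep their behaviour.
    _, News, Secret = make_types()
    declare_protected(Secret, "Manage portal", "Creator")
    scoped = (can_see_creator(Secret(), member), can_see_creator(News(), member))
    # Declared on the base class: every subclass inherits the restriction.
    Base, News, Secret = make_types()
    declare_protected(Base, "Manage portal", "Creator")
    on_base = (can_see_creator(Secret(), member), can_see_creator(News(), member))
    # A direct call from unrestricted Python code is never checked.
    return scoped, on_base, Secret().Creator()
```

`scoped_vs_base()` returns the member's visibility of `Creator` for the custom type and an unrelated type under each placement, followed by the result of the unchecked direct call.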
