Configure permissions on slap_tool.

Only give AccessContentPermission to Member, to prevent any anonymous access. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41864 20353a03-c40f-0410-a6d1-a30d3c3de9de

Configure permissions on slap_tool.
Only give AccessContentPermission to Member, to prevent any anonymous access. git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41864 20353a03-c40f-0410-a6d1-a30d3c3de9de
f44cddef · Romain Courteaud · 886177ca · f44cddef
Commit f44cddef authored Dec 29, 2010 by Romain Courteaud
Hide whitespace changes
Inline Side-by-side

Showing with 17 additions and 0 deletions

product/Vifib/Tool/SlapTool.py product/Vifib/Tool/SlapTool.py +17 -0

No files found.
--- a/product/Vifib/Tool/SlapTool.py
+++ b/product/Vifib/Tool/SlapTool.py
@@ -104,6 +104,23 @@ class SlapTool(BaseTool):
  security = ClassSecurityInfo()
  allowed_types = ()

+  security.declarePrivate('manage_afterAdd')
+  def manage_afterAdd(self, item, container) :
+    """Init permissions right after creation.
+
+    Permissions in slap tool are simple:
+     o Each member can access the tool.
+     o Only manager can view and create.
+     o Anonymous can not access
+    """
+    item.manage_permission(Permissions.AddPortalContent,
+          ['Manager'])
+    item.manage_permission(Permissions.AccessContentsInformation,
+          ['Member', 'Manager'])
+    item.manage_permission(Permissions.View,
+          ['Manager',])
+    BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
+
  ####################################################
  # Public GET methods
  ####################################################