Commit f44cddef authored by Romain Courteaud's avatar Romain Courteaud

Configure permissions on slap_tool.

Only give AccessContentPermission to Member, to prevent any anonymous access.


git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@41864 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 886177ca
...@@ -104,6 +104,23 @@ class SlapTool(BaseTool): ...@@ -104,6 +104,23 @@ class SlapTool(BaseTool):
security = ClassSecurityInfo() security = ClassSecurityInfo()
allowed_types = () allowed_types = ()
security.declarePrivate('manage_afterAdd')
def manage_afterAdd(self, item, container) :
"""Init permissions right after creation.
Permissions in slap tool are simple:
o Each member can access the tool.
o Only manager can view and create.
o Anonymous can not access
"""
item.manage_permission(Permissions.AddPortalContent,
['Manager'])
item.manage_permission(Permissions.AccessContentsInformation,
['Member', 'Manager'])
item.manage_permission(Permissions.View,
['Manager',])
BaseTool.inheritedAttribute('manage_afterAdd')(self, item, container)
#################################################### ####################################################
# Public GET methods # Public GET methods
#################################################### ####################################################
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment