Did not find a how-to for your problem?

Ask me to write the how-to post by writing to the mailing-list at cps-devel [@] lists [.] nuxeo [.] com or writing to me to joseluisdelarosa+cpshowto [@] gmail [.] com. Note: I'll keep all conversations on the official mailing list.

Tuesday, June 5, 2007

How to define new roles and new permissions

For a product like CPSMessages it is sure that roles like MessageSender and MessageRecipient are needed. Also, a MessageSender will be able to Send messages and a MessageRecipient will be able to Read Messages. Therefore, the new roles will have permissions to do what they are able to do, i.e. to send and read messages.


  1. In the root folder of the product CPSMessages, create a new python module called permissions.py. The content of the file is:

    from Products.CMFCore.permissions import setDefaultRoles

    ReadMessages = 'Read Messages'
    setDefaultRoles( ReadMessages, ('MessageRecipient'))

    SendMessages = 'Send Messages'
    setDefaultRoles( SendMessages, ('MessageSender'))

  2. Import the module permissions.py from the module __init__.py of the product CPSMessages:

    from Products.GenericSetup import profile_registry
    from Products.GenericSetup import EXTENSION
    from Products.CPSCore.interfaces import ICPSSite

    import permissions

    def initialize(context):

    'CPS Messages',
    'CPSMessages Product',
    for_= ICPSSite)

  3. Test the code now by restarting the Zope's instance and flicking through the Manage permissions interface. There should be the two new permissions Send messages and Read messages.

  4. Everything fine in step 3? Good. Let's say CPS to register the new roles and what permissions it should use for what role. In the folder of the default profile (path CPSMessages/profiles/default), add a new file called rolemap.xml. The content of the file is:

    <?xml version="1.0"?>
    <role name="MessageRecipient"/>
    <role name="MessageSender"/>
    <permission name="Read Messages" acquire="False">
    <role name="MessageRecipient"/>
    <permission name="Send Messages" acquire="False">
    <role name="MessageSender"/>

  5. Finally, let's say GenericSetup to import the new roles by adding this import step to the file import_steps.xml (path CPSMessages/profiles/default).

    <?xml version="1.0"?>
    <import-step id="rolemap" version="20040523-01"
    title="Role / Permission Map">

    Import custom roles and non-default role-permission mappings.


  6. Now go to the portal_setup tool and import the profile CPS Messages. Check the view to Manage permissions and check that permissions have been grant to the new roles.
Well, that's all for today. In a later post I'll explain how to use the new roles for a new content type.

No comments: