Cannot Assign "View" Permission to custom Role

Plone Support Add-on Development
1

I introduced some new roles in rolemap.xml. One of them is "DomainAdmin":

<?xml version="1.0"?>
 <rolemap>
   <roles>
     <role name="EmailUser"/>
     <role name="DomainAdmin"/>
     <role name="Customer"/>
   </roles>

And I am assigning some standard permissions

  <permissions>
<permission name="View" acquire="True">
  <role name="Customer" />
  <role name="DomainAdmin"/>
</permission>
<permission name="Access contents information" acquire="True">
  <role name="Customer" />
  <role name="DomainAdmin"/>
</permission>

And some new ones

 <permission name="View EmailAliases" acquire="True">
      <role name="DomainAdmin"/>
      <role name="Customer"/>
    </permission>
     <permission name="Edit EmailAliases" acquire="True">
      <role name="DomainAdmin"/>
      <role name="Customer"/>
    </permission>

Then the role DomainAdmin is assigned on some context to a certain user via the sharing tab.
The non standard permissions like "Edit EmailAliases" are available on the context by the user, but the "View" permission is not, although it is assigned to the role (see above).

api.user.get_roles(username=user_id, obj=domain)
[u'DomainAdmin', 'Authenticated']


pprint(api.user.get_permissions(username=user_id, obj=domain))
    {'View EmailAliases' : True,
    'Edit EmailAliases' : True,
    ...
     **'View': False,**
    ...}

Any help appreciated

Volker

2

The "rolemap.xml" modifications operate on the "portal" object - not on all content objects below it. The workflow of content objects usually take over control of the permission to role grants for selected permissions, among them "View". In particular, it usually removes the "acquire=true" property (such that definitions on the "portal" object become irrelevant for the affective permission).

Thus, I suppose that your content objects have a local permission to role map for "View" with "acquire=false" and without the grants to your custom roles -- almost surely set up be workflow.

You will need to change your workflow to get this fixed.

1 Like
3

Thank you Dieter!

With help of your explanation I understand the problem and have certain ideas how to overcome them.