Difference between Plone permissions and Customised permissions

i am developing an application for online ticket booking for movie show so that i am using permissions according to roles like


for above roles i use Plone as well as customized permissions like

"Access Content Permission"
"Modify Portal Content"

and customized permission (user define)

Create Booking
Manage Booking
View Booking

actually i am little confuse in Plone and customized permissions concept...?

First thing is you shouldn’t be using Plone to make an app. It’s not an app framework, its for content management.
If you want to build it on top of Plone then use Plomino or rapido.

If you do want to make life hard for yourself and try and reuse plone to make something which is a app (please don;t) you need to understand that plone roles are not your roles. In general you are better off representing your roles as groups. And then thinking of Plone roles as permissions. For example, you want a those in the customer group, to be able to add a booking within the booking folder. There is no need for custom permissions or roles. They are for internal Plone use.

thanks @djay I am doing exactly what you are suggesting me actually in my terms it is an web application or content based website but as i discus here that am unable to understand concept to customize permissions as i mentioned

As I said. Use plomino. Go to http://plomino.net. don't use use dexterity content types. Don't build an app by hacking apart an existing app, ie plone. You will spend too much time trying to map its concepts to yours and it will never fit close enough and you will spend 80% more effort on your last 20% customisation. Or in your case you are already wasting time with the basics.

Hi @snipersnack!

Customized permissions are very useful for when you want to separate the ability to take certain actions in Plone from the ability to take other actions. In general, if you want a user to be able to create/view/manage bookings independently from their ability to do the same sorts of things for other types of content, then a custom permission is for you.

However, if a person who can create bookings should also be able to create other types of content, then perhaps the built-in Manage portal content permission would be sufficient. If viewing a booking is supposed to be available to anyone who can see other types of content, then the View permission is probably sufficient for your use.

It is always a good idea to hew as closely as possible to the built-in permissions as you can while still maintaining the power/flexibility that you require for your content types.

One final word. A good way of thinking about permissions is as if they were keys to unlock a given functionality. Imagine Plone as a hallway with lots of doors. Inside each door is a button or a lever that allows a user some ability. Each permission is the key that unlocks and opens that door. The Role that a user has within the site (Editor, Site Administrator, Reviewer, etc) can be thought of as a key-ring. It holds the keys that allow access to the abilities that a user with that role should have. The best way to work with permissions in Plone is to assign them to the roles that are built in to Plone, and then to assign those roles to users or groups of users.

1 Like

thanks @cewing its very helpful content for me.