Good way to set Dexterity field level view or edit permissions?

tkimnguyen · December 18, 2018, 4:07am

Workflow lets us grant view or edit permission on an entire Dexterity content item, per state, but I’m wondering how to grant a user edit permission on only a subset of fields.

Barring that possibility, I’m ok granting a user edit permission on a content item if I can display the edit widgets for only that subset of fields.

Is there a way to customize the default Dexterity edit form to do that, or must I invoke Cthulhu and try to build an unspeakable monstrosity using (totally guessing) plone.autoform or z3c.form?

djay · December 18, 2018, 4:57am

We are doing this TTW using this PR (which hopefully @smcmahon can review soon??)

essentially gives us the ability to fiddle with the widgets and the schema before the form is rendered.

In filesystem python you'd probably do something similar or if you can use permissions then use this https://docs.plone.org/external/plone.app.dexterity/docs/advanced/permissions.html#protecting-form-fields

zopyx · December 18, 2018, 6:23am

You can grant permissions per field on the supermodel like

field name="kennung" type="zope.schema.TextLine" security:write-permission="cmf.ManagePortal">
```

tkimnguyen · December 18, 2018, 6:07pm

Thanks @djay @zopyx - I knew that a while ago but had forgotten!

...so then, instead of setting write_permission for a field X using standard permissions like 'Modify portal content' I'd use something like 'Modify field X', then, in each workflow state, I'd grant that permission to custom roles, e.g. 'Management_Financial'?

zopyx · December 18, 2018, 6:11pm

I am not sure about write-permission accepting only a registered permission or also its textual representation.