Grant Permissions

I have created a new page "Documents". I want to give permissions to the user programmatically. Assume I have users 'x' and 'y'. I want to give view permissions to 'x' and edit permissions to 'y'. How can I do it programmatically? Kindly help me with this query.

plone.api.user has only grant_roles; what about permissions?

Thanks in advance.

https://training.plone.org/5/workflow/roles-and-permissions.html

1 Like

Consider this scenario where "x" and "y" belong to the same group "abc". I want "x" to view the "document" and "y" to edit the document. If I apply workflow it assigns permissions generically. I want it specific for a particular user.

Yes, https://training.plone.org/5/workflow/roles-and-permissions.html

I am not able to get it. Can you explain the main idea you are trying to tell?

Maybe you could show us what you've tried?

Normally I'd create three groups. abc, abc_editors, abc_viewers and then put abc_editors and abc_viewers groups into the abc group. And then use the sharing tab to apply the right permissions to the right groups. Of course if abc_viewers is all of abc you don't need that extra group.
Of course you can just share with specific users if you don't want that much flexibility.

1 Like

    # Grant the local 'Bank' role only if the assignee does not already have it.
    if 'Bank' not in api.user.get_roles(str(project.assigned_to.id), obj=self.context):
        self.context.plone_log("Loop")
        api.user.grant_roles(username=str(project.assigned_to.id), roles=['Bank'], obj=self.context)
        api.user.grant_roles(username=str(project.assigned_to.id), roles=['Bank'], obj=portal['customer-list-2']['customer-1'])

This is what I tried but it doesn't apply.

Thanks man, but I will be editing the roles later so I want flexibility.

Hi,

I'd use the stock Plone roles for that. Use the 'Editor' role to allow editing, and use 'Reader' for viewing. See https://docs.plone.org/develop/plone/security/standard_permissions.html for more default roles.

Since you already found out how to assign roles to users, you should be on your way fairly quickly.
Have fun!

99% of the time you never need to modify Plone roles/permissions. It seems like you do since you have roles in your organisation but generally that is better modelled as groups within groups and using standard Plone roles/permissions as @jaroel said.

There are a couple of ways to try to debug permissions:

  • collective.impersonate · PyPI

  • navigate to the item, then view it with the Management Interface (append /manage_main to its URL), click the Security tab, then view the permissions on the item as if you were one of the other users:

  • in a debug session, e.g. bin/instance debug, you should be able to locate the item, e.g. object = app['Plone']['folder']['page-in-folder'] then inspect the roles that have been applied to it

  • use plone.app.debugtoolbar · PyPI

The problem: in the folder 'CAR' I have two subfolders 'CAR1' and 'CAR2'. I have 2 users 'A' and 'B' of group 'Dealer'. Here the folder 'CAR1' belongs to 'A' and 'CAR2' belongs to 'B'. When I assign 'view' permission to the folder 'CAR' it is inherited by the subfolders.

BUT:

A, B (View) ----> CAR
A (View) -------> CAR1
B (View) -------> CAR2

If I give disable_role_aquisition(), the roles that I assign via program are not applying.

Are CAR, CAR1 and CAR2 all set to private state?

All three are set to private.

Show the code, as the param is called "disable_roles_acquisition" with a plural 'roles'

from plone import api


def assignRoles(self):
    """Grant the local 'Bank' role to each project's assignee on the
    customer list, the customer folder and the loan request."""
    current_path = "/".join(self.context.getPhysicalPath())
    portal = api.portal.get()
    portal_catalog = api.portal.get_tool('portal_catalog')
    brains = portal_catalog(portal_type="project_details", path=current_path)
    # Role name as granted below; the membership check is case-sensitive,
    # so comparing against 'bank' would never match the granted 'Bank'.
    role = 'Bank'
    for brain in brains:
        project = brain.getObject()
        username = str(project.assigned_to.id)
        customer_list = portal['customer-list-2']
        customer = customer_list[project.customer_name]
        loan_request = customer['loan-request-list'][project.loan_request]
        # Grant the role at each level, skipping objects where it is already held.
        for obj in (customer_list, customer, loan_request):
            if role not in api.user.get_roles(username=username, obj=obj):
                api.user.grant_roles(username=username, roles=[role], obj=obj)

I have rectified the problem. I am so thankful to everyone who spared time to reply to me. Thanks to all, I am closing this post.
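
The CAR / CAR1 / CAR2 case from this thread, as an added example that is not code from any poster or from Plone: a stand-alone Python model of local-role acquisition, showing that a Reader grant on CAR reaches both subfolders until acquisition is blocked on them, after which only grants made on the subfolder itself apply. The `Folder` class, the `allowed` helper and the View/Modify-to-role map are assumptions for illustration; groups, global roles and workflow transitions are left out.

```python
# Simplified model of local-role lookup with acquisition; not Plone's own code.
# Assumed permission map for a private item (illustration only).
PRIVATE_STATE = {"View": {"Reader", "Editor"}, "Modify": {"Editor"}}


class Folder:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.local_roles = {}   # principal id -> set of role names
        self.blocked = False    # stands in for __ac_local_roles_block__


def grant_roles(username, roles, obj):
    """Stand-in for api.user.grant_roles(username=..., roles=..., obj=...)."""
    obj.local_roles.setdefault(username, set()).update(roles)


def disable_roles_acquisition(obj):
    """Stand-in for api.content.disable_roles_acquisition(obj=...)."""
    obj.blocked = True


def get_roles(username, obj):
    """Roles set on obj plus those acquired from parents, until a block."""
    roles, node = set(), obj
    while node is not None:
        roles |= node.local_roles.get(username, set())
        if node.blocked:
            break               # parents' local roles no longer apply
        node = node.parent
    return roles


def allowed(permission, username, obj):
    return bool(get_roles(username, obj) & PRIVATE_STATE[permission])


def build_car_tree(block_subfolders):
    """Thread layout: A and B view CAR, A views CAR1, B views CAR2.
    Grants made on a subfolder itself survive the block."""
    car = Folder("CAR")
    car1, car2 = Folder("CAR1", car), Folder("CAR2", car)
    for user in ("A", "B"):
        grant_roles(user, ["Reader"], car)
    if block_subfolders:
        disable_roles_acquisition(car1)
        disable_roles_acquisition(car2)
    grant_roles("A", ["Reader"], car1)
    grant_roles("B", ["Reader"], car2)
    return car, car1, car2
```
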