Grant Permissions

I have created a new page "Documents". I want to give permissions to the user programatically. Assusme I have users "x" and 'y' . I want to give view permissions to 'x' and edit permissions to 'y' . How can I do it programatically. Kindly help me with this query.

pone.api.user has only grant_roles what a bout permissions.

Thanks in advance.

https://training.plone.org/5/workflow/roles-and-permissions.html

1 Like

Consider this scenario where "x" and "y" belong to the same group "abc". I want "x" to view the "document" and "y" to edit the document. If I apply workflow it assigns permissions generically. I want it specific for particular user.

Yes, https://training.plone.org/5/workflow/roles-and-permissions.html

i am not able to get can you explain the main idea you are trying to tell

Maybe you could show us what you've tried?

Normally I'd create three groups. abc, abc_editors, abc_viewers and then put abc_editors and abc_viewers groups into the abc group. And then use the sharing tab to apply the right permissions to the right groups. Of course if abc_viewers is all of abc you don't need that extra group.
Of course you can just share with specific users if you don't want that much flexibility.

1 Like
if not 'Bank' in api.user.get_roles(str(project.assigned_to.id),obj=self.context):
        self.context.plone_log("Loop")    
        api.user.grant_roles(username=str(project.assigned_to.id),roles=['Bank'],obj=self.context)
        api.user.grant_roles(username=str(project.assigned_to.id),roles=['Bank'],obj=portal['customer-list-2']['customer-1'])

This is what I tried but dosent apply

Thanks man . but I will be editing the roles later so want flexiblity

Hi,

I'd use the stock Plone roles for that. Use the 'Editor' role to allow editing, and use 'Reader' for viewing. See https://docs.plone.org/develop/plone/security/standard_permissions.html for more default roles.

Since you already found out how to assign roles to users, you should be on you way fairly quickly.
Have fun!

99% of the time you never need to modify Plone roles/permissions. It seems like you do since you have roles in your organisation but generally that is better modelled as groups within groups and using standard Plone roles/permissions as @jaroel said.

There are a couple of ways to try to debug permissions:

The problem in the folder 'CAR' I am having two sub folders 'CAR1' and 'CAR2' . I am having 2 user 'A' and 'B" of group 'Dealer' .Here the folder CAR1 belongs to 'A' and 'CAR2' belongs to 'B'. When I assign 'view' permission to the folder 'CAR' it is inherited to the sub folders.

BUT:

A,B(View)---->CAR
A(VIew)------->CAR1
B(VIew)------->CAR2

If I give disable_role_aquisition() the roles that I assign via program is not applying

Is CAR, CAR1 AND CAR2 all set to private state?

All three are set to private.

Show the code, as the param is called "disable_roles_acquisition" with a plural 'roles'

def assignRoles(self):
		current_path="/".join(self.context.getPhysicalPath())
		portal=api.portal.get()
		portal_catalog=api.portal.get_tool('portal_catalog')
		brains=portal_catalog(portal_type="project_details",path=current_path)
		group='bank'
		for brain in brains:
			project=brain.getObject()
			if not group in api.user.get_roles(username=str(project.assigned_to.id),obj=portal['customer-list-2']):
				api.user.grant_roles(username=str(project.assigned_to.id),roles=['Bank'],obj=portal['customer-list-2'])
			if not group in api.user.get_roles(username=str(project.assigned_to.id),obj=portal['customer-list-2'][project.customer_name]):
				api.user.grant_roles(username=str(project.assigned_to.id),roles=['Bank'],obj=portal['customer-list-2'][project.customer_name])
			if not group in api.user.get_roles(username=str(project.assigned_to.id),obj=portal['customer-list-2'][project.customer_name]['loan-request-list'][project.loan_request]):
				api.user.grant_roles(username=str(project.assigned_to.id),roles=['Bank'],obj=portal['customer-list-2'][project.customer_name]['loan-request-list'][project.loan_request])

I have rectified the problem . I am so thankful to everyone who spared time to reply to me. Thanks to all I am closing this post.

Plone Foundation Code of Conduct