How to give a field of Dexterity Content Types different permission to different group or role?

I add a new Dexterity Content Types which including fieldA and fieldB.
I plan to let author to input fieldA and fieldB, but fieldA visible only to groupA, fieldB visible only to groupB.
How can I get that?

Regards.
Hugo

You can use schema hints as described in https://docs.plone.org/external/plone.app.dexterity/docs/reference/form-schema-hints.html#security-related-directives.

from plone.autoform import directives

directives.read_permission(reviewNotes='cmf.ReviewPortalContent')
directives.write_permission(reviewNotes='cmf.ReviewPortalContent')
reviewNotes = schema.Text(
    title=u'Review notes',
    required=False,
)

You can use existing permissions or use your own one. Assign the group the permissions either global or local.

Are read/write permissions only enforced on the form level or also on the storage level?
Core question is about how to define permissions on individual fields where the backend enforces the checks for read/write e.g. when you access or modify content through plone.restapi.

This is schema level, and if plone.restapi takes that into account (which I think it does) than that should be fine. But never did a test on that :wink:

According to the tests this is working: https://github.com/plone/plone.restapi/blob/d57b8ef7af757d5812b2c53a061861fe3ffc0dde/src/plone/restapi/tests/test_dxcontent_serializer.py#L138 and https://github.com/plone/plone.restapi/blob/ebe264281c7d981efdcda1ff8d823dfe7df1d7ef/src/plone/restapi/tests/test_serializer.py#L62

1 Like

Plone Foundation Code of Conduct