[SOLVED] Dexterity field permissions not working as expected!?

Plone 5.2.

I have my own downsized behavior IOwnership with the creators field which should only be editable by Managers.
The read/write permissions are set to cmf.ManagePortal.

However, the field is visible and editable for users with roles Member + Editor + Authenticated.

Anything missing here?


    # Imports assumed for this snippet (not shown in the original post)
    import zope.schema
    from plone.app.dexterity import _
    from plone.app.z3cform.widget import AjaxSelectFieldWidget
    from plone.autoform import directives as form
    from plone.supermodel import model
    from Products.CMFCore import permissions


    class IOwnership(model.Schema):
        """ Like IOwnership but:
            - no `rights` field
            - `contributors` accessible only for managers
            - `creators` accessible only for managers
        """

        # ownership fieldset
        model.fieldset(
            "ownership",
            label=_("label_schema_ownership", default=u"Ownership"),
            fields=["creators", "contributors"],
        )

        form.read_permission(creators=permissions.ManagePortal)
        form.write_permission(creators=permissions.ManagePortal)
        creators = zope.schema.Tuple(
            title=_(u"label_creators", u"Creators"),
            description=_(
                u"help_creators",
                default=u"Persons responsible for creating the content of "
                u"this item. Please enter a list of user names, one "
                u"per line. The principal creator should come first.",
            ),
            value_type=zope.schema.TextLine(),
            required=False,
            missing_value=(),
        )
        form.widget(
            "creators", AjaxSelectFieldWidget, vocabulary="plone.app.vocabularies.Users"
        )

Try passing this string as parameter:

    form.read_permission(creators='cmf.ManagePortal')
    form.write_permission(creators='cmf.ManagePortal')

EDIT:

Here the documentation mentions that we need to pass the zcml-style name of a permission:
https://docs.plone.org/external/plone.app.dexterity/docs/reference/form-schema-hints.html
I.e: "Manage Portal" vs "cmf.ManagePortal".
And here we can see a short list of permissions with the Permission name and the Permission name for zcml:
https://docs.plone.org/develop/plone/security/permission_lists.html

Correct.

I was not clear that CMFCore.permissions maintains the old Zope2-style permission names.
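
In this thread a permission title passed where a zcml id was expected left the field visible and editable instead of raising an error, so a test that checks every declared hint against the permission registry catches the mistake early. The following is an added example, not code from the thread or from Plone: the registry contents, `audit_permission_hints`, `sample_resolve` and the Plone wiring named in the comments are assumptions for illustration.

```python
# Added example, stdlib only. Assumed wiring inside a Plone test (not from the thread):
#   hints   = schema.queryTaggedValue(WRITE_PERMISSIONS_KEY, {})  # plone.autoform.interfaces
#   resolve = lambda name: queryUtility(IPermission, name=name)   # zope.component

# Constructed stand-in for the permission registry: zcml id -> Zope 2 style title.
SAMPLE_REGISTRY = {
    "cmf.ManagePortal": "Manage portal",
    "cmf.ModifyPortalContent": "Modify portal content",
    "zope2.View": "View",
}
TITLE_TO_ID = {title.casefold(): zid for zid, title in SAMPLE_REGISTRY.items()}


def sample_resolve(name):
    """Stand-in for the utility lookup: the permission title, or None."""
    return SAMPLE_REGISTRY.get(name)


def audit_permission_hints(hints, resolve, title_to_id=None):
    """Return (field, name, suggestion) for every hint that does not resolve.

    hints: dict of field name -> permission name given to read/write_permission.
    resolve: callable returning a permission object, or None if unregistered.
    title_to_id: optional dict of casefolded title -> zcml id, used to suggest
    the id when a Zope 2 style title was passed by mistake.
    """
    title_to_id = title_to_id or {}
    findings = []
    for field, name in sorted(hints.items()):
        if resolve(name) is not None:
            continue  # registered zcml id: the permission check can be enforced
        findings.append((field, name, title_to_id.get(name.casefold())))
    return findings


# Constructed inputs mirroring the thread: permissions.ManagePortal is the
# title string "Manage portal"; the fix passes the zcml id instead.
BEFORE = {"creators": "Manage portal"}
AFTER = {"creators": "cmf.ManagePortal"}

if __name__ == "__main__":
    for field, name, fix in audit_permission_hints(BEFORE, sample_resolve, TITLE_TO_ID):
        print(f"{field}: {name!r} is not a registered permission id; try {fix!r}")
    assert audit_permission_hints(AFTER, sample_resolve, TITLE_TO_ID) == []
```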