Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read/write permissions #91

Open
fulv opened this issue Mar 5, 2020 · 1 comment
Open

Read/write permissions #91

fulv opened this issue Mar 5, 2020 · 1 comment

Comments

@fulv
Copy link
Member

fulv commented Mar 5, 2020

Is is possible to apply supermodel security attributes, i.e. https://docs.plone.org/external/plone.app.dexterity/docs/reference/dexterity-xml.html#read-permission-write-permission?

What I'm trying to do is hide a field from users who do not have the required permission.

I tried the following:
I created a custom field TTW, then exported the plone.app.users.setuphandlers.export_schema from portal_setup.

Then I added a security:read-permission to the field like this:

    <field name="account_number" type="zope.schema.TextLine" users:forms="On Registration|In User Profile"
        security:read-permission="cmf.ManagePortal"
        security:write-permission="cmf.ManagePortal">
      <description>...</description>
      <title>Account Number</title>
    </field>

Then I created a new Plone site and finally I went to portal_setup/manage_tarballImport and uploaded my modified tar-gzipped userschema.xml file.

When I create a new user that does not have the cmf.ManagePortal permission,
the field is in the @@personal-information view and it is editable and saveable.

So that doesn't work. Further, if I re-export the plone.app.users.setuphandlers.export_schema from portal_setup, I see the the userschema.xml file does not have my security:read|write-permission attributes that I imported it with.

Is there any way to achieve this?
@1letter
Copy link
Contributor

1letter commented Jul 13, 2021

@fulv

I have the same issue today. My Workaround:

<!-- Override UserDataPanel Form -->
<browser:page
  name="personal-information"
  for="plone.app.layout.navigation.interfaces.INavigationRoot"
  layer="my.addon.interfaces.IMyAddonLayer"
  class=".userdatapanel.UserDataPanel"
  permission="cmf.SetOwnProperties" />
# userdatapanel.py
from plone.app.users.browser.userdatapanel import UserDataPanel as BaseUserDataPanel
from z3c.form.interfaces import DISPLAY_MODE

class UserDataPanel(BaseUserDataPanel):
    def updateWidgets(self):
        super(UserDataPanel, self).updateWidgets()
        self.widgets["exam_id"].mode = DISPLAY_MODE

    def __call__(self):
        return super(UserDataPanel, self).__call__()

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fulv @1letter