Zope CMF buildout

GS rolemap importer offers no way to append roles into existing permissions

Bug #1227290 reported by Sean Upton
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Zope CMF buildout
Won't Fix
Undecided
Unassigned

Bug Description

If a GenericSetup base profile defines a set of roles for a permission in its rolemap.xml, it is impossible to supplement (append) roles to that permission from an extension profile. Rather, the extension profile rolemap.xml must include duplicative (all) roles (for each permission) listed in upstream base profile and cannot merely supplement.

I have verified the outcome of this looking at manage_access in a Plone site, and by reviewing the code.

AccessControl.rolemanager.RoleManager.manage_permission() is passed only what is explicitly in the rolemap.xml for an extension profile by Products.GenericSetup.rolemap.importRolemap(). Permission.setRoles() does a setattr() replacement of the roles tuple/list in each permission. The consequence of this is that it is impossible to merge/supplement/append roles.

The work-around is to copylift and duplicate *all* roles listed in upstream package profiles.

Note: __ac_roles__ is fine, is supplemented correctly. This is a per-permission mapping issue.

Versions: Zope: 2.13.21, Products.GenericSetup 1.7.4, Products.CMFCore 2.2.7 on Python 2.7.3

See original description
Sean Upton (seanupton)
description: updated
Revision history for this message
Tres Seaver (tseaver) wrote :

Now tracked on Github:

https://github.com/zopefoundation/Products.GenericSetup/issues/8

Changed in zope-cmf:
status: New → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.