GS rolemap importer offers no way to append roles into existing permissions
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Zope CMF buildout |
Won't Fix
|
Undecided
|
Unassigned |
Bug Description
If a GenericSetup base profile defines a set of roles for a permission in its rolemap.xml, it is impossible to supplement (append) roles to that permission from an extension profile. Rather, the extension profile rolemap.xml must include duplicative (all) roles (for each permission) listed in upstream base profile and cannot merely supplement.
I have verified the outcome of this looking at manage_access in a Plone site, and by reviewing the code.
AccessControl.
The work-around is to copylift and duplicate *all* roles listed in upstream package profiles.
Note: __ac_roles__ is fine, is supplemented correctly. This is a per-permission mapping issue.
Versions: Zope: 2.13.21, Products.
description: | updated |
Now tracked on Github:
https:/ /github. com/zopefoundat ion/Products. GenericSetup/ issues/ 8