1 Jul 2010 zanee   » (Journeyer)

Temporarily granting manager permissions with Plone

Recently I had to "sudo" with Plone while updating @@personal- information/member data. However, as a authenticated user you can't do this even if it's for your own member data. It's been like this forever but it always gets me because there is no error. It just silently fails. The only way around this is to essentially grant permission to the contexted user through USER.manage_permission. Where USER is whatever context you're in. So you could do something like the below which grants the Manager and Authenticated roles temporarily to a user and then removes them.

USER.manage_permission("Manage users", roles=['Manager', 'Authenticated'], acquire = 1) #ON
member = membertool.getAuthenticatedMember()
member.setMemberProperties(mapping={"CVReference": uri})
USER.manage_permission("Manage users", role=['Manager', 'Authenticated'], acquire = 0) #OFF

Yes, it is a little ugly but it's better than having to do some script trash if you can traverse and get membertool. Also, it's safe unless something goes terribly wrong with membertool in which case we could probably wrap that up in a try/except clause and run acquire = 0 at the exception.

Share/Bookmark

Syndicated 2010-07-01 03:10:04 from Christopher Warner » Advogato

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!