This document is valid for the current version of Plone.

Grant Collection (ATTopic) permissions to contributors and editors

by Guido Stevens last modified Nov 15, 2010 10:54 AM
Out of the box, contributors and editors do not have the rights to manage Collections (topics, smart folders). This howto provides a GenericSetup rolemap that makes Collections manageable just like other content.

GenericSetup rolemap.xml

In your product's GenericSetup profile, set up rolemap.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>
<rolemap>
  <permissions>
    <permission name="ATContentTypes Topic: Add ATBooleanCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATCurrentAuthorCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATDateCriteria" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATDateRangeCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATListCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATPathCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATPortalTypeCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATReferenceCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATRelativePathCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSelectionCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSimpleIntCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSimpleStringCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSortCriterion" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="Add portal topics" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="Change portal topics" acquire="True">
      <role name="Editor"/>
    </permission>
  </permissions>
</rolemap>

This is enough to configure Collections permissions for Contributors and Editors. If you'd like to test your setup, or see how exactly these permissions behave, read on.
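
A static check of a rolemap file against the policy this howto states (Contributor adds, Editor changes), written for this page as an added example; it is not part of the original howto or of Plone or GenericSetup. The function names, the constructed sample with its stray Member role, and treating a missing acquire attribute as off are assumptions of the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the page's format; the Member role is a deliberate error.
SAMPLE_ROLEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<rolemap>
  <permissions>
    <permission name="Add portal topics" acquire="True">
      <role name="Contributor"/>
    </permission>
    <permission name="Change portal topics" acquire="True">
      <role name="Editor"/>
    </permission>
    <permission name="ATContentTypes Topic: Add ATSortCriterion" acquire="True">
      <role name="Contributor"/>
      <role name="Member"/>
    </permission>
  </permissions>
</rolemap>
"""

def expected_role(permission):
    """Policy from the howto: Contributor adds, Editor changes."""
    if permission == "Change portal topics":
        return "Editor"
    adds = permission.startswith("ATContentTypes Topic: Add ")
    return "Contributor" if adds or permission == "Add portal topics" else None

def parse_rolemap(xml_text):
    """Return {permission name: (acquire flag, set of role names)}."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    parsed = {}
    for perm in root.findall("./permissions/permission"):
        roles = {role.get("name") for role in perm.findall("role")}
        # A missing acquire attribute is counted as off (this script's choice).
        acquire = perm.get("acquire", "False").lower() == "true"
        parsed[perm.get("name")] = (acquire, roles)
    return parsed

def audit(xml_text):
    """Return (permission, problem) pairs where the file departs from the policy."""
    findings = []
    for name, (acquire, roles) in sorted(parse_rolemap(xml_text).items()):
        want = expected_role(name)
        if want is None:
            findings.append((name, "permission not covered by the howto"))
        elif roles != {want}:
            findings.append((name, "roles %s, expected only %s" % (sorted(roles), want)))
        if not acquire:
            findings.append((name, "acquire is off: parent role settings not inherited"))
    return findings
```

Running `audit()` over the rolemap.xml in your profile should return an empty list; any entry names a permission granted to a role other than the one intended.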

browser test

The following browser test describes and tests the newly configured permissions.

Managing collections without 'manager' rights.
==============================================

We want to make sure that non-managers with 'contributor' or 'editor'
roles can create, edit and delete collections.

Set up the test browser.


    >>> from Products.Five.testbrowser import Browser
    >>> browser = Browser()
    >>> portal_url = self.portal.absolute_url()
    >>> self.portal.error_log._ignored_exceptions = ()


Managing Collections as Contributor
-----------------------------------

Contributors may add and edit (but not delete) collections.

Log in as Contributor.

    >>> browser.open(portal_url + '/login')
    >>> browser.getControl(name='__ac_name').value = 'contributor'
    >>> browser.getControl(name='__ac_password').value = 'secret'
    >>> browser.getControl(name='submit').click()
    >>> "You are now logged in" in browser.contents
    True

Add some test content.

    >>> browser.open(portal_url + '/createObject?type_name=News+Item')
    >>> browser.getControl('Title').value = 'A Test NewsItem'
    >>> browser.getControl('Save').click()
    >>> 'Changes saved' in browser.contents
    True

    >>> browser.open(portal_url + '/createObject?type_name=Document')
    >>> browser.getControl('Title').value = 'A Test Page'
    >>> browser.getControl('Save').click()
    >>> 'Changes saved' in browser.contents
    True

Add a collection.

    >>> browser.open(portal_url + '/createObject?type_name=Topic')
    >>> browser.getControl(name='title').value = 'A Test Collection'
    >>> browser.getControl('Save').click()
    >>> fh=open('/tmp/browser.html','w'); fh.write(browser.contents);fh.close()
    >>> 'Changes saved' in browser.contents
    True

Set up a portal_type criterion.

    >>> browser.getLink('Criteria').click()
    >>> browser.getControl('Field name').value = ['Type']
    >>> browser.getControl('Criteria type').value = ['ATPortalTypeCriterion']
    >>> browser.getControl('Add criteria').click()
    >>> browser.getControl(name='crit__Type_ATPortalTypeCriterion_value:list').value = ['News Item']
    >>> browser.getControl(name='form.button.Save').click()

Check the listing view.

    >>> browser.getLink('View').click()
    >>> 'A Test Page' in browser.contents
    False
    >>> 'A Test NewsItem' in browser.contents
    True

Edit the collection.

    >>> browser.getLink('Edit').click()
    >>> browser.getControl(name='description').value = 'An edited description'
    >>> browser.getControl('Save').click()
    >>> 'An edited description' in browser.contents
    True

Edit the criterion.

    >>> browser.getLink('Criteria').click()
    >>> browser.getControl(name='crit__Type_ATPortalTypeCriterion_value:list').value = ['Page']
    >>> browser.getControl(name='form.button.Save').click()

Check the changed listing view.

    >>> browser.getLink('View').click()
    >>> 'A Test Page' in browser.contents
    True
    >>> 'A Test NewsItem' in browser.contents
    False


Contributor has no delete permissions.

Log out.

    >>> browser.open(portal_url + '/logout')
    >>> 'You are now logged out' in browser.contents
    True


Managing Collections as Editor
------------------------------

Editors may edit and delete Collections, but cannot add them.

Log in as Editor.

    >>> browser.open(portal_url + '/login')
    >>> browser.getControl(name='__ac_name').value = 'editor'
    >>> browser.getControl(name='__ac_password').value = 'secret'
    >>> browser.getControl(name='submit').click()
    >>> "You are now logged in" in browser.contents
    True

Go to the test collection.

    >>> browser.open(portal_url + '/folder_contents')
    >>> browser.getLink('A Test Collection').click()

Edit the collection.

    >>> browser.getLink('Edit').click()
    >>> browser.getControl(name='description').value = 'An editor description'
    >>> browser.getControl('Save').click()
    >>> 'An editor description' in browser.contents
    True

Edit the criterion.

    >>> browser.getLink('Criteria').click()
    >>> browser.getControl(name='crit__Type_ATPortalTypeCriterion_value:list').value = ['News Item']
    >>> browser.getControl(name='form.button.Save').click()

Check the changed listing view.

    >>> browser.getLink('View').click()
    >>> 'A Test Page' in browser.contents
    False
    >>> 'A Test NewsItem' in browser.contents
    True

Delete the collection.

    >>> browser.open(portal_url + '/folder_contents')
    >>> browser.getControl('A Test Collection').selected = True
    >>> browser.getControl('Delete').click()
    >>> browser.getLink('Contents').click()
    >>> 'A Test Collection' in browser.contents
    False

test pre-requisites

The test assumes that two test users have been set up: 'contributor' and 'editor', with the matching roles. A simple way to do that is in the afterSetUp method of your FunctionalTestCase:


from Products.PloneTestCase import PloneTestCase as ptc


class FunctionalTestCase(ptc.FunctionalTestCase):
    """We use this class for functional integration tests that use
    doctest syntax. Again, we can put basic common utility or setup
    code in here.
    """
    # Layer is not defined on this page; it is assumed to be the test
    # layer class of your product's test module.
    layer = Layer

    def afterSetUp(self):
        # Create one test user per role. All of them share the password
        # 'secret', which the browser test uses to log in.
        for (memberid, roles) in (('member', ['Member']),
                                  ('contributor', ['Contributor']),
                                  ('editor', ['Editor']),
                                  ('reviewer', ['Reviewer']),
                                  ('manager', ['Manager']),
                                  ):
            self.portal.portal_membership.addMember(memberid,
                                                    'secret',
                                                    roles, [])