Available permissions in Plone¶
Description
What Zope security permissions you have available for your Plone coding
Listing different available permissions¶
Each permission name is a string.
To see available permissions, click Security tab at your site root in Zope Management Interface.
In programming, use pseudoconstants instead of permission string values:
For available ZCML permission mappings see:
-
Products/Five/permissions.zcml
-
Permissions such as
cmf.ModifyPortalContent,zope2.View
-
Permissions such as
-
zope/security/permissions.zcml
-
zope.Public
-
or search for the string
<permission
in
*.zcml
files in the eggs folder of your Plone
development deployment.
Example using UNIX grep tool:
grep -C 3 -Ri --include=*.zcml "<permission" *
Useful permissions¶
Permissions are shown by their verbose name in the ZMI.
-
View - This governs whether you are allowed to view some content.
-
Access Contents Information - This permission allows access to an object, without necessarily viewing the object. For example, a user may want to see the object's title in a list of results, even though the user can't view the contents of that file.
-
List folder contents - This governs whether you can get a listing of the contents of a folder; it doesn't check whether you have the right to view the objects listed.
-
Modify Portal Content - This governs whether you are allowed to modify some content.
-
Manage Portal - This permission allows you to manage the portal. A number of views in the plone control panel are protected with this view. If you plan to write a reusable product, be very hesitant to use this permission, check whether a custom permission might make more sense.
There is no single permission for adding content. Every content type has its own permission. If you create your own content type, create a custom add permission for it.
| Permission name | Permission name for ZCML |
|---|---|
| View | zope2.View |
| Access contents information | zope2.AccessContentsInformation |
| List folder contents | cmf.ListFolderContents |
| Modify portal content | cmf.ModifyPortalContent |
| Manage portal | cmf.ManagePortal |
To reference a permission in code, you need the name as a string. Using strings is a bad convention, all common permissions have a constant in Products.CMFCore.permissions. So to perform a permission check propery, you do something like this:
from AccessControl import getSecurityManager
from AccessControl import Unauthorized
from Products.CMFCore import permissions
if not getSecurityManager().checkPermission(permissions.ModifyPortalContent, object):
raise Unauthorized("You may not modify this object")
All standard permissions from above can be referenced by their Permission name without spaces.
More info: