Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Five ZCML permissions are missing for endpoints security #221

Open
sneridagh opened this issue Mar 2, 2017 · 0 comments
Open

Five ZCML permissions are missing for endpoints security #221

sneridagh opened this issue Mar 2, 2017 · 0 comments
Labels
05 type: question 99 tag: sprint

Comments

@sneridagh
Copy link
Member

I've found some permissions that should be added to Zope in order to give the appropriate permissions in the endpoint's ZCML. The permission exists as an old style permissions but it lacks the new style Zope dotted names. For example:

@groups endpoint:
View Groups
Add Groups
Delete Groups
Manage Groups

It's curious, but there are no users counterparts to be used in the @users endpoint. But maybe they should exist. However, this is a more tricky question because we have to change PAS for this.

@users endpoint:

View users (should exist, in order to browse the existing users on a site)

@Principals endpoint:

View users/groups (should exist, in order to browse the existing users and groups on a site, for the sharing tab search)

There might be others, we can discuss it at the sprint.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
05 type: question 99 tag: sprint
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sneridagh @tisto