Sep 19, 2011 3:33 PM
Overriding permissions in Core zcml files
Is there any way for a ZenPack to override the security tags in Core-provided zcml files?
For example, $ZENHOME/ZenUI3/browser/navigation.zcml has:
    <browser:viewlet
        name="Reports"
        url="/zport/dmd/reports"
        subviews="/zport/dmd/Reports"
        weight="4"
        manager="..navigation.interfaces.IPrimaryNavigationMenu"
        class="..navigation.menuitem.PrimaryNavigationMenuItem"
        permission="zenoss.View"
        layer="..navigation.interfaces.IZenossNav"
        />
I want:
    <browser:viewlet
        name="Reports"
        url="/zport/dmd/reports"
        subviews="/zport/dmd/Reports"
        weight="4"
        manager="..navigation.interfaces.IPrimaryNavigationMenu"
        class="..navigation.menuitem.PrimaryNavigationMenuItem"
        permission="zenoss.Common"
        layer="..navigation.interfaces.IZenossNav"
        />
Cheers,
Jane
It turns out that there's a very simple answer to this problem, and others like it. It's called overrides.zcml. Instead of putting that viewlet definition in configure.zcml, put it into a file called overrides.zcml. I just tested this, and it worked like a charm.
Apparently my last update wasn't complete for this case. Using overrides.zcml alone results in the Reports primary navigation being unavailable to anyone, even users with the Manager role.
We need to define another skin layer to set custom permissions on the navigation items. Here's what I did within my ZenPack to make the Reports top-level navigation only available to users with the Manager role.
configure.zcml (primary)
    <?xml version="1.0" encoding="utf-8"?>
    <configure
        xmlns="http://namespaces.zope.org/zope"
        xmlns:browser="http://namespaces.zope.org/browser">

        <include package=".browser"/>

        <interface
            name="sandboxSkin"
            interface=".interfaces.ISandboxSkin"
            type="zope.publisher.interfaces.browser.IBrowserSkinType"
            />

        <browser:viewlet
            name="Reports"
            url="/zport/dmd/reports"
            subviews="/zport/dmd/Reports"
            weight="4"
            manager="Products.ZenUI3.navigation.interfaces.IPrimaryNavigationMenu"
            class="Products.ZenUI3.navigation.menuitem.PrimaryNavigationMenuItem"
            permission="zenoss.ManageDMD"
            layer="ZenPacks.cluther.Sandbox.interfaces.ISandboxSkin"
            />

    </configure>
overrides.zcml
    <configure xmlns="http://namespaces.zope.org/browser">
        <defaultSkin name="sandboxSkin"/>
    </configure>
interfaces.py
    from Products.ZenUI3.navigation.interfaces import IZenossNav


    class ISandboxSkin(IZenossNav):
        """
        Marker interface for sandbox nav layer
        """
I still can't make this work.
If I edit $ZENHOME/Products/ZenUI3/browser/navigation.zcml and change the permission on the Reports primary navigation menu from zenoss.Common to zenoss.View then anyone who doesn't have the View permission doesn't see the REPORTS menu at all. This is the behaviour I'd like to see.
So, change $ZENHOME/Products/ZenUI3/browser/navigation.zcml back to have zenoss.Common.
I have followed your example here to "override" this Reports menu:
and
The result is that those that do have View permission see the full REPORTS menu as usual - good. Those that don't have View DO see the REPORTS top-level menu, they DO see the Basic and Advanced submenus but the rest of the page is blank. The site error log is showing an authorization exception:
This is exactly the same behaviour as I have without any of the configure.zcml / overrides.zcml stuff. Why do I see the REPORTS menu at all??
Where am I going wrong??
What I REALLY want to see is reports only for those devices where I do have View access. I appreciate this is a different question but that's where I am headed.
Cheers,
Jane