Overriding permissions in Core zcml files

Chet Luther

1,302 posts since
May 22, 2007

Currently Being Moderated

1. Sep 22, 2011 1:05 PM (in response to jcurry)

Re: Overriding permissions in Core zcml files

It turns out that there's a very simple answer to this problem, and others like it. It's called overrides.zcml. Instead of putting that viewlet definition in configure.zcml, put it into a file called overrides.zcml. I just tested this, and it worked like a charm.

Report Abuse
Like (0)

Chet Luther

1,302 posts since
May 22, 2007

Currently Being Moderated

2. Oct 11, 2011 10:53 AM (in response to jcurry)

Re: Overriding permissions in Core zcml files

Apparently my last update wasn't complete for this case. Using overrides.zcml alone results in the Reports primary navigation being unavailable to anyone, even users with the Manager role.

We need to define another skin layer to set custom permissions on the navigation items. Here's what I did within my ZenPack to make the Reports top-level navigation only available to users with the Manager role.

configure.zcml (primary)

<?xml version="1.0" encoding="utf-8"?>
<configure
    xmlns="http://namespaces.zope.org/zope"
    xmlns:browser="http://namespaces.zope.org/browser">

    <include package=".browser"/>

    <interface
        name="sandboxSkin"
        interface=".interfaces.ISandboxSkin"
        type="zope.publisher.interfaces.browser.IBrowserSkinType"
        />

    <browser:viewlet
        name="Reports"
        url="/zport/dmd/reports"
        subviews="/zport/dmd/Reports"
        weight="4"
        manager="Products.ZenUI3.navigation.interfaces.IPrimaryNavigationMenu"
        class="Products.ZenUI3.navigation.menuitem.PrimaryNavigationMenuItem"
        permission="zenoss.ManageDMD"
        layer="ZenPacks.cluther.Sandbox.interfaces.ISandboxSkin"
        />

</configure>

overrides.zcml

<configure xmlns="http://namespaces.zope.org/browser">
<defaultSkin name="sandboxSkin"/>
</configure>

interfaces.py

from Products.ZenUI3.navigation.interfaces import IZenossNav

class ISandboxSkin(IZenossNav):
    """
    Marker interface for sandbox nav layer
    """

Report Abuse
Like (0)

jcurry

1,021 posts since
Apr 15, 2008

Currently Being Moderated

3. Oct 14, 2011 7:09 AM (in response to Chet Luther)

Re: Overriding permissions in Core zcml files

I still can't make this work.

If I edit $ZENHOME/Products/ZenUI3/browser/navigation.zcml and change the permission on the Reports primary navigation menu from zenoss.Common to zenoss.View then anyone who doesn't have the View permission doesn't see the REPORTS menu at all. This is the behaviour I'd like to see.

So, change $ZENHOME/Products/ZenUI3/browser/navigation.zcml back to have zenoss.Common.

I have followed you example here to "override" this Reports menu:

and

The result is that those that do have View permission see the the full REPORTS menu as usual - good. Those that don't have View DO see the REPORTS top-level menu, they DO see the Basic and Advanced submenus but the rest of the page is blank. The site error log is showing an authorization exception:

This is exactly the same behaviour as I have without any of the configure.zcm / overrides.zcml stuff. Why do I see the REPORTS menu at all??

Where am I going wrong??

What I REALLY want to see is reports only for those devices where I do have View access. I appreciate this is a different question but that's where I am headed.

Cheers,

Jane

Report Abuse
Like (0)

Sep 19, 2011 3:33 PM

Actions

More Like This

Legend

	<browser:viewlet
	name="Reports"
	url="/zport/dmd/reports"
	subviews="/zport/dmd/Reports"
	weight="4"
	manager="..navigation.interfaces.IPrimaryNavigationMenu"
	class="..navigation.menuitem.PrimaryNavigationMenuItem"
	permission="zenoss.View"
	layer="..navigation.interfaces.IZenossNav"
	/>