Mercurial Repository: p/roundup/code: doc/customizing.txt comparison

fix provisional user so they can view their own record

author	Richard Jones <richard@users.sourceforge.net>
date	Tue, 05 Apr 2005 22:58:31 +0000
parents	1cbde34afa77
children	3124e578db02

comparison

equal deleted inserted replaced

-:1cbde34afa77
+:e41e1540a287
 ===================
 Customising Roundup
 ===================
-:Version: $Revision: 1.175 $
+:Version: $Revision: 1.176 $
 .. This document borrows from the ZopeBook section on ZPT. The original is at:
 http://www.zope.org/Documentation/Books/ZopeBook/current/ZPT.stx
 .. contents::
 # and give the new users access to the web and email interface
 db.security.addPermissionToRole('Provisional User', 'Web Access')
 db.security.addPermissionToRole('Provisional User', 'Email Access')
+# make sure they can view & edit their own user record
+def own_record(db, userid, itemid):
+'''Determine whether the userid matches the item being accessed.'''
+return userid == itemid
+p = db.security.addPermission(name='View', klass='user', check=own_record,
+description="User is allowed to view their own user details")
+db.security.addPermissionToRole('Provisional User', p)
+p = db.security.addPermission(name='Edit', klass='user', check=own_record,
+description="User is allowed to edit their own user details")
+db.security.addPermissionToRole('Provisional User', p)
 Then, in ``config.ini``, we change the Role assigned to newly-registered
 users, replacing the existing ``'User'`` values::
 [main]

Mercurial > p > roundup > code