"site administrator" role has no permissions

collective / collective.googleanalytics

4 stars 15 forks source link

"site administrator" role has no permissions #5

Open fulv opened 11 years ago

fulv commented 11 years ago

Now that there is the useful "site administrator" role, it would be great if it had access to the control panel. Unfortunately, the permission "cmf.ManagePortal" is used in several places, so it can't even be overridden in the ZMI.

davisagli commented 11 years ago

It should be fine to change that to a more specific permission that is assigned to the Manager and Site Administrator roles. Can you make a pull request?

fulv commented 11 years ago

Although, what about older Plone versions where there is no Site Administrator role? Not sure how to handle that.

davisagli commented 11 years ago

If you set the roles using CMFCore.utils.setDefaultRoles instead of in rolemap.xml it should be okay -- setDefaultRoles doesn't validate the roles that are specified in any way.

fulv commented 11 years ago

You mean in a "setupVarious"-type importStep? The product doesn't have one (except for the importAnalyticsReportStep), so I'd have to add it.

I'm not familiar with CMFCore.utils.setDefaultRoles. Are you saying that if I installed it on Plone 4.0, the call

setDefaultRoles( "Google Analytics: Manage Analytics Reports", ( 'Manager', 'Site Administrator' ) )

would be equivalent to

setDefaultRoles( "Google Analytics: Manage Analytics Reports", ( 'Manager', ) )

I guess I should try it.

fulv commented 11 years ago

No dice. I tried adding this to exportimport.py, as well as the corresponding zcml:

def setupVarious(context):
    """
    Various import steps that are not handled by GS import/export handlers.
    """
    from Products.CMFCore.permissions import setDefaultRoles
    setDefaultRoles( 'Google Analytics: View Analytics Results', 
                    ( 'Site Administrator', ) )
    setDefaultRoles( 'Google Analytics: Manage Analytics Reports', 
                    ( 'Site Administrator', ) )

I'm not sure how this is supposed to work. In CMFCore.permissions.setDefaultRoles, the first thing it does is to check

if perm in _registeredPermissions:
    return

And since the permission is declared in the main configure.zcml, it just returns and doesn't do anything.

davisagli commented 11 years ago

You have to put setDefaultRoles in init.py outside of any function, so that it runs early during Zope startup.