Read/write permissions #91
Description
Is is possible to apply supermodel security attributes, i.e. https://docs.plone.org/external/plone.app.dexterity/docs/reference/dexterity-xml.html#read-permission-write-permission?
What I'm trying to do is hide a field from users who do not have the required permission.
I tried the following:
I created a custom field TTW, then exported the plone.app.users.setuphandlers.export_schema from portal_setup.
Then I added a security:read-permission to the field like this:
<field name="account_number" type="zope.schema.TextLine" users:forms="On Registration|In User Profile"
security:read-permission="cmf.ManagePortal"
security:write-permission="cmf.ManagePortal">
<description>...</description>
<title>Account Number</title>
</field>
Then I created a new Plone site and finally I went to portal_setup/manage_tarballImport and uploaded my modified tar-gzipped userschema.xml file.
When I create a new user that does not have the cmf.ManagePortal permission,
the field is in the @@personal-information view and it is editable and saveable.
So that doesn't work. Further, if I re-export the plone.app.users.setuphandlers.export_schema from portal_setup, I see the the userschema.xml file does not have my security:read|write-permission attributes that I imported it with.
Is there any way to achieve this?