Am Donnerstag 04 September 2008 12:49:17 schrieb Martijn Faassen:
Hermann Himmelbauer wrote: [snip]
- The real reason I need the interfaces is that I have to include them in my configure.zcml in order to make the underlying objects read/writeable. But this is in my case only annoying, but not helpful at all.
Ah, interesting! This is a problem that doesn't exist in Grok, as we turn off model-based security checks. (views still make them, and permissions can still be model based. just no automatic checks when you access a method or attribute)
Yes, the problem is that for a ZODB I'd say that an owner of an object may alter it's data. For instance, a user has a "person" object and may alter his name, address but he must not alter other person objects. When using a RDB, all persons are in a table and I have a Person object, which represents a row of this table, however, I cannot outline who owns the person, therefore I have to allow access to person objects for all users. Therefore I have to do security at another level, e.g. the view and not at the model. Nevertheless I assume there will somehow be a magic command that I can issue for the RDB-based classes (probably there's some counterpart to the ZCML "class" directive). Best Regards, Hermann -- hermann@qwer.tk GPG key ID: 299893C7 (on keyservers) FP: 0124 2584 8809 EF2A DBF9 4902 64B4 D16B 2998 93C7