[Grok-dev] Re: grok and complicated permissions

Brandon Craig Rhodes brandon at rhodesmill.org
Tue Oct 2 15:29:58 EDT 2007 

Martijn Faassen <faassen at startifact.com> writes:

> Brandon Craig Rhodes wrote:
>
>> I have read PvW's book and also example Grok code, and am not
>> finding a complicated enough security scheme for my needs...
>
> You could solve this by using local roles given suitably organized
> object hierarchies.  ... You store these objects per department and
> then give someone a local role (or permission) on the department
> they're allowed to edit.

Unfortunately, a campus is too complicated to store everyone in "their
department", because most people are associated with several at once.
It is common for a grad student in Electrical Engineering to have a
part-time job with Computing Services and also be serving as an
assistant instructor for a course in the School of Math.  So trying to
control access by moving people into a Container representing their
department would require them to be several places at once!

> Alternatively you can go for an entirely new zope security policy.
> Zope's security policy is replacable.  zope.app.securitypolicy
> implements the default one, but it is replacable.  A bigger task, of
> course.

This sounds like more fun!  It would fit the problem very well - and
make auditors very, very happy, if any of them were ever interested -
just to place all security checks in one place where they can be
reviewed and controlled.  My wild imagination suggests:

    class MyApp(grok.Application, grok.Container):
        ...

    class MyChecker(grok.SecurityChecker):
        grok.context(MyApp)

        def allowed(self, action, target):
            principal = IAuthentication().authenticate()
            if principal.id == 'brandon':
                return True  # make brandon a superuser
            if admin_controls_a_dept_of(principal.id, target.username):
                return True
            return False

Or, maybe this snippet makes no sense, and one would want to wrap
particular objects instead of particular local sites:

    class PersonChecker(grok.SecurityChecker):
        grok.context(Person)
        def allowed(self, action):
            ... (check for permission) ...

    class AccountChecker(grok.SecurityChecker):
        grok.context(Account)
        def allowed(self, action):
            ... (check for permission) ...

Either kind of mechanism would let me get started.

But, having looked in PvW's book and in the various Zope security
modules, I cannot find any way to either plug in a local utility and
take control of either (following my first example above) the security
decisions of an entire application, nor can I find a way to provide an
adapter and take over security decisions on a particular class (like
the second example above).

Help! :-)

What is the mechanism for plugging in security decision-makers?  Is it
done through utilities or adapters?

-- 
Brandon Craig Rhodes   brandon at rhodesmill.org   http://rhodesmill.org/brandon

More information about the Grok-dev mailing list