[Zope-Checkins] CVS: Zope3/lib/python/Zope/App/OFS/Content/ZPTPage-
zptpage.zcml:1.1.2.2.4.1
Jim Fulton
jim@zope.com
Sun, 28 Apr 2002 12:08:49 -0400
Tres Seaver wrote:
>
> Jim Fulton wrote:
> > Update of /cvs-repository/Zope3/lib/python/Zope/App/OFS/Content/ZPTPage
> > In directory cvs.zope.org:/tmp/cvs-serv15087
> >
> > Modified Files:
> > Tag: SecurityProxy-branch
> > zptpage.zcml
> > Log Message:
> > Changed to use general Zope.ManageContent permission for adding.
> >
> >
> > === Zope3/lib/python/Zope/App/OFS/Content/ZPTPage/zptpage.zcml 1.1.2.2 => 1.1.2.2.4.1 ===
> > >
> >
> > - <security:permission permission_id="Zope.AddZPTPages"
> > - title="Add ZPT Pages" />
> > -
> > <zmi:factoryFromClass name="ZPTPage"
> > class=".ZPTPage."
> > - permission_id="Zope.AddZPTPages"
> > + permission_id="Zope.ManageContent"
> > title="ZPT Page"
> > description="A simple, content-based Page Template" />
>
> Because they contain scripting, I am not sure that ZPTPages should be
> protected by the same permission as "dumb" content. They are too
> risky, IMNSHO, to turn loose on "normal" content managers *by default*.
> Sites which want such a policy should be able to achieve that by either
> overriding the permission, or by granting the 'Zope.AddZPTPages' to the
> role.
Good point. How about a "ManageActiveContent" permission?
Note that really almost no effort is being put into rationalizing the
Zope 3 permissions at this time. This needs to happen before people
begin to build systems with Zope 3. Coming up with a good permission
model, meaning coming up with standard permissions and permission
catagories would be a good project and topic for debate on zope3-dev.
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org