[Zope-CMF] A very long permissions list ;-)
Shane Hathaway
shane@digicool.com
Wed, 11 Apr 2001 11:52:14 -0400
Danny William Adair wrote:
> I'm not sure if this can be done easily, but wouldn't it all be easier if a
> role-permission mapping could be something like a "rule", acquirable of
> course?
Yes, that's another good direction to take. Since this is very relevant
to the CMF, we can keep this conversation here for a bit.

To improve security, one has to think about the way different people
deal with security.

Developers want to distribute components / products that can be easily
and securely integrated into a site. Currently, for administrators to
integrate a new product into their site they have to know about the
permissions that the product registers and have to understand how to use
each of those permissions. We need to improve this.

Site administrators need to provide precise access to their users. A
user should have exactly the capabilities they need and nothing more.
Security settings must be clear and explicit.
> Would it make sense to enable the user to place a method like
>
> hasRole(self, Role) on a permission and something like
> hasPermission(self, Permission) on a role,
> (for every object of course, and acquired)
>
> in order to have a do-it-yourself way of finding out a permission mapping?
> That way it would be easy to synchronize a permission mapping with another
> one, avoiding the m*n*o scenario.
I can see it working that way, but right now all permissions and all
roles are simply strings. That way they fit easily in the ZODB.
> Invoking hasRole(self, Role) on the "Change x" permission of a folder (and
> therefore on all of its underlying objects)
>
> could just
>
> return hasRole(getPermission('View'), Role)
>
> or maybe even something like
>
> return (container.publishing_status=='published')
This might work if the permissions and roles were subclassable objects.
> And if you don't place a method there, things would just be done exactly
> like they're done now. With a little redesign the ZMI pages for permissions
> wouldn't get too crowded either, imho.
>
> What do you think about this? Or should I just pull my head out of my Danny?
Well, do you think it would solve the fundamental problem? The problem
is that product authors want to allow granular, explicit, and concise
security. Right now security is granular and partly explicit but not
concise.
Shane
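
The rule-based mapping discussed in this message, sketched as a toy model. This is an added example, not part of the original message and not Zope's AccessControl code; `Node`, `has_role` and the rule signature are hypothetical. A permission's setting is either a set of role strings or a rule, both are acquired from parent containers, and rules that refer to each other fail closed.

```python
# Toy model only: Node, has_role and the rule signature are hypothetical,
# not Zope's AccessControl API. Permissions and roles stay plain strings.

class Node:
    """An object in a containment hierarchy with local security settings."""
    def __init__(self, name, parent=None, **attrs):
        self.name, self.parent, self.attrs = name, parent, attrs
        # permission -> set of role strings, or rule(context, role, ask) -> bool
        self.settings = {}

def has_role(context, permission, role, _active=frozenset()):
    """Does `role` hold `permission` at `context`? Settings are acquired upward."""
    if permission in _active:
        return False                      # rules that refer to each other: fail closed
    active = _active | {permission}
    node = context
    while node is not None:
        setting = node.settings.get(permission)
        if callable(setting):
            # The rule is found by acquisition but evaluated where the check was made.
            ask = lambda other: has_role(context, other, role, active)
            return bool(setting(context, role, ask))
        if setting is not None:
            return role in setting        # explicit mapping, as today
        node = node.parent
    return False                          # nothing set anywhere: default deny

# Constructed sample hierarchy.
site = Node("site")
site.settings["View"] = {"Anonymous", "Member"}
site.settings["Change x"] = {"Manager"}

docs = Node("docs", parent=site)
docs.settings["View"] = {"Member"}
docs.settings["Change x"] = lambda ctx, role, ask: ask("View")   # follow View

page = Node("page", parent=docs)
page.settings["View"] = {"Reviewer"}      # local override; "Change x" follows it

news = Node("news", parent=site)
news.settings["View"] = lambda ctx, role, ask: ctx.attrs.get("publishing_status") == "published"
item_live = Node("item_live", parent=news, publishing_status="published")
item_draft = Node("item_draft", parent=news, publishing_status="private")

loop = Node("loop")
loop.settings["A"] = lambda ctx, role, ask: ask("B")
loop.settings["B"] = lambda ctx, role, ask: ask("A")
```

In this model a rule placed on a folder replaces whatever explicit mapping would otherwise be acquired from above, so `Manager` loses "Change x" under `docs` unless it also has "View" there.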