[Zope-CMF] A very long permissions list ;-)
Dieter Maurer
dieter@handshake.de
Thu, 12 Apr 2001 00:04:04 +0200 (CEST)
Chris Withers writes:
> Dieter Maurer wrote:
> > Chris Withers writes:
> > > .... That's 250 permissions! Is Zope okay with that?
> > I do not think so.
> >
> > The permission page is very unwieldy and need to get a
> > better design.
>
> Well, I wouldn't be using the permissions _page_ to modify these. I was asking
> about the Zope security machinery. How would that hold up?
This is no problem for Zope. It can support arbitrary many permissions
(beside managing the permission page).
Zope is only interested in a permission for
an access to an attribute, say *a*.
Zope will then look at "*a*__roles__". This is a computed
attribute that will evaluate to the roles that are allowed
to access the attribute. It traverses up the containment
chain until it finds either a permission mapping for
the single permission that protects the attribute,
or an object that does not inherit the mapping
or the end of the containment chain.
This process is independent from the number of permissions.
Dieter