[Zope-CMF] A very long permissions list ;-)

Shane Hathaway shane@digicool.com
Tue, 29 May 2001 11:59:18 -0400 (EDT)


On Mon, 28 May 2001, Chris Withers wrote:
> > The workflow will take over security computation at whatever point it
> > sees fit: it might remap permissions, roles, users, or even methods
> > themselves.  That's the plan.
>
> ...how did the implementation turn out? What is it that actually happens
> now? Also, can you explain for a simpleton (me ;-) how this overcomes the
> n-dimensional security problem that started off this thread?

In the current tool, each state has a different set of role to permission
mappings.  As you change state the mappings are manually changed.  I
decided this way fits well in the Zope security model.  The alternative
was to make security computation dynamic, but the relatively small
benefits weren't worth the potential performance hit.

> > In CVS it has been revised somewhat: portal_workflow is now a folder
> > where you can assign types to workflows.  I think it makes several
> > things clearer.  You should read the API documentation on the
> > portal_workflow tool, especially the WorkflowDefinition interface.
>
> Okay, had a quick skim. Has anything significant changed on this over the
> last month?

Just the fact that there is now an implementation that eliminates the need
to look at the API for most.

> > What do you mean?  Are you saying the workflows would manually remap
> > permissions?  That's actually what is done now and there are problems
> > with it, such as not being able to explicitly disable a role to
> > permission mapping without embedding role names in objects.
>
> Hmmm, the implication was that there should have to be things like
> permission checks in skins code that semi-trusted users could take out. The
> alternative view that supports this is that all security assertions should
> encapsulated in one place. Is that place now the workflow tool? should it
> be?

Checks in skins wouldn't be very meaningful in Zope since several
mechanisms could be used to subvert them.  So the other choice is to put
all settings in the workflow, and that's what we've done.

Shane