[Zope-CMF] Security Question
Tres Seaver
tseaver@zope.com
Sun, 24 Feb 2002 18:04:32 -0500 (EST)
On Sun, 24 Feb 2002, Chris Withers wrote:
> Dieter Maurer wrote:
> >
> > * A CMF Site that really cares can easily provide a finer grained
> > protection.
>
> How?
>
> > * We have too many permissions inside Zope, especially when we
> > use the CMF
>
> Well, I think Zope 3 is gonna let you group them at the site
> config level, so maybe more permissions is the way to go ;-)
Not in Zope2. Sites which want finer-grained security are making
an explicitly different policy choice than the one made *by
design* in CMFDefault, and must be prepared to customize
accordingly.
The simplest way to do this is to create a product which
registers its own factories for the CMFDefault content classes;
then, update the type objects to refer to the new product.
E.g., in Products/FineGrainedCMFSecurity/__init__.py::
from Products.CMFDefault import Document
from Products.CMFDefaul import Link
from Products.CMFDefault import NewsItem
from Products.CMFDefault import Image
...
from Products.CMFDefault.utils import ContentInit
content_classes = ( Document.Document, LinkLink, ... )
content_ctors = ( Document.addDocument, Link.addLink, ... )
content_fti = ( Document.factory_type_information
+ Link.factory_type_information
...
)
priv_content_classes = ( NewsItem.NewsItem, Image.Image, ... )
priv_content_ctors = ( NewsItem.addNewsItem, Image.addImage, ... )
priv_content_fti = ( NewsItem.factory_type_information
+ Image.factory_type_information
...
)
def register( context ):
ContentInit( 'Normal Content'
, content_types=content_classes
, permission='Add normal content'
, extra_constructors=content_ctors
, fti=content_fti
).initialize( context )
ContentInit( 'Privileged Content'
, content_types=priv_content_classes
, permission='Add privileged content'
, extra_constructors=priv_content_ctors
, fti=priv_content_fti
).initialize( context )
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.org