[Zope-CMF] Object ownership
Tres Seaver
tseaver@zope.com
20 May 2002 08:34:38 -0400
On Mon, 2002-05-20 at 00:34, John Morton wrote:
> Does anyone know of a simple method for finding out who owns a given object,
> and perhaps a means of transfering ownership around?
>
> I had a cursory look through the usual places; I guess if ownership is still
> entirely governed by local roles, then I might have been looking in the wrong
> place.
There are two different senses of ownership within Zope:
- "executable" ownership defines the user whose roles mask those of
the invoking user; this one addresses some server-side trojan
issues, and is mostly interesting for "methodish" objects
("Wesleyans"?)
- the "Owner" local role defines who has the permissions associtated
with that role for the object: e.g., who can edit in in the private
state (for the default workflow). Users can be granted the owner
local role via:
o the ZMI (linked from the "Security" tab)
o The "Local Roles" action for folders (note that the role is
acquired by default)
o Scripts calling 'manage_{add,set,del}LocalRoles' (defined in
'AccessControl/Role.py').
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com