[Zope-CMF] Object ownership
John Morton
jwm@plain.co.nz
Tue, 21 May 2002 20:01:30 +1200
On Tuesday 21 May 2002 00:34, Tres Seaver wrote:
> There are two different senses of ownership within Zope:
>
> - "executable" ownership defines the user whose roles mask those of
> the invoking user; this one addresses some server-side trojan
> issues, and is mostly interesting for "methodish" objects
A method that transfers ownership should probably modify this, but otherwise
I can leave it allow. However, as it's set at object creation, I could use
this to determine the object's creator, which is what I'm looking for.
> ("Wesleyans"?)
Nice :-)
> - the "Owner" local role defines who has the permissions associtated
> with that role for the object: e.g., who can edit in in the private
> state (for the default workflow). Users can be granted the owner
> local role via:
>
> o the ZMI (linked from the "Security" tab)
>
> o The "Local Roles" action for folders (note that the role is
> acquired by default)
>
> o Scripts calling 'manage_{add,set,del}LocalRoles' (defined in
> 'AccessControl/Role.py').
But no methods for answering the question, "Which users have the local role
'Owner' for this object?".
I'll have a look around these places and see what I can come up with, though I
think the kludge of saving the workflow actor name at object creation time
might do the trick.
Thanks,
John