[Zope-dev] Some apparent limitations of the Zope security mod
el
Michel Pelletier
michel@digicool.com
Fri, 7 Jan 2000 10:49:35 -0500
> -----Original Message-----
> From: Ross Boylan [mailto:RossBoylan@stanfordalumni.org]
>
>
> The 3rd reason is practical, rather than fundamental:
> 3) If I do it myself, I don't have to worry about getting my
> classes, which
> I may want to do as simply python objects, to play in the
> somewhat hard to
> grasp Zope framework.
The permission aspect is not difficult at all. One data structure,
__ac_permissions__, defines all of the permissions for an object. It is
a tuple of tuples:
__ac_permissions__=(
('PermissionName', ['method1', 'method2', ...],
['Role1', 'Role2', ...],)
...
)
Each permission tuple has three elements, a name, a list of methods that
permission 'protects', and a list of Roles which have that permission by
default. Of course, you can create new roles in the managment interface
or programatically to map to permissions, this is a convinience that
allows the object programmer to specify which methods are managment
methods and which are accessable by other common roles like 'Anonymous'.
Here is an example:
__ac_permissions__=(
('Manage Vocabulary',
['manage_main', 'manage_vocab', 'manage_query'],
['Manager']),
('Query Vocabulary',
['query',],
['Anonymous', 'Manager']),
)
-Michel