[Zope-dev] Factory pollution, scopes, zope hosting
Tres Seaver
tseaver@palladion.com
Wed, 12 Jan 2000 20:41:51 -0600
Lalo Martins <lalo@webcom.com> wrote:
> >
> > You have identified a real problem: it is a pain even for me in a site where I
> > stage projects for different clients. One solution I had considered was to hack
> > the factories to add a "global_visibility" flag to them, and to add a "factory
> > proxy" object which would be dropped into the main Zope tree which would
> > "surface" its factory to folders which acquired it.
>
> I thought of this one too, but it would be a major security
> problem, because any of your customers with Manager role would
> be able to add a ``factory proxy'' (or ``product proxy'') and
> gain access to any product you have.
Hmm, if the parent of a given user's root folder didn't expose the product, then
the user wouldn't be able to either, perhaps? This would mean defaulting to all
products available, and then turning them off as folder properties within each
branch of the tree where they did not apply.
>
> I think a scope in the Factory (or perhaps the Product, you
> have a good point) is the best sollution.
The problem here is that the Product developer won't know how a site manager
will want to use the product, in many cases -- or are you suggesting that the
site manager might add items to the product folder?
--
=========================================================
Tres Seaver tseaver@palladion.com 713-523-6582
Palladion Software http://www.palladion.com