[Zope-dev] Factory pollution, scopes, zope hosting

Lalo Martins lalo@webcom.com
Thu, 13 Jan 2000 01:02:55 -0200


On Wed, Jan 12, 2000 at 08:41:51PM -0600, Tres Seaver wrote:
> Lalo Martins <lalo@webcom.com> wrote:
> > 
> > I thought of this one too, but it would be a major security
> > problem, because any of your customers with Manager role would
> > be able to add a ``factory proxy'' (or ``product proxy'') and
> > gain access to any product you have.
> 
> Hmm, if the parent of a given user's root folder didn't expose the product, then
> the user wouldn't be able to either, perhaps?  This would mean defaulting to all
> products available, and then turning them off as folder properties within each
> branch of the tree where they did not apply.

So forget the ``product proxies''. It's either product scopes
or product filters in the folder object (both look good to me).


> > I think a scope in the Factory (or perhaps the Product, you
> > have a good point) is the best solution.
> 
> The problem here is that the Product developer won't know how a site manager
> will want to use the product, in many cases -- or are you suggesting that the
> site manager might add items to the product folder?

Let's forget Factories and filter Products. I make scope a
Product property, then the site manager opens the Product
object and edits this property. Sounds reasonable. Filtering on
folders sounds reasonable too. Whoever gets to write the code
can choose, AFAICS. :-)

[]s,
                                               |alo
                                               +----
--
      I am Lalo of deB-org. You will be freed.
                 Resistance is futile.

http://www.webcom.com/lalo      mailto:lalo@webcom.com
                 pgp key in the web page

Debian GNU/Linux       ---       http://www.debian.org
Brazil of Darkness   --   http://zope.gf.com.br/BroDar
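
Added example, not part of the original message and not Zope code: a toy model of the two options discussed above, a scope property on the Product and a per-folder filter that defaults to "all products available". The names `Product`, `Folder`, `scope`, `disabled` and the sample site are hypothetical. The point it shows is that a folder can only narrow what its ancestors expose, never widen it.

```python
# Toy model (hypothetical names, not the Zope API): limiting which Products
# can be added in a folder, by Product scope and by folder filters.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Product:
    name: str
    scope: str = "/"   # path prefix, edited by the site manager on the Product

@dataclass
class Folder:
    name: str
    parent: Optional["Folder"] = None
    disabled: set = field(default_factory=set)  # products turned off at this folder

    def path(self):
        if self.parent is None:
            return "/"
        return self.parent.path().rstrip("/") + "/" + self.name

    def chain(self):
        """Yield this folder and every ancestor up to the root."""
        node = self
        while node is not None:
            yield node
            node = node.parent

def in_scope(product, folder):
    """Scope option: addable only at or below the Product's scope path.
    Trailing slashes stop '/acme' from matching '/acme2'."""
    scope = product.scope.rstrip("/") + "/"
    return (folder.path().rstrip("/") + "/").startswith(scope)

def filtered_in(product, folder):
    """Filter option: on by default, off if any folder in the chain disables it.
    A child folder has no setting that re-enables what an ancestor turned off."""
    return all(product.name not in f.disabled for f in folder.chain())

def addable(products, folder):
    """Names of products that pass both checks in this folder."""
    return sorted(p.name for p in products
                  if in_scope(p, folder) and filtered_in(p, folder))

# Constructed sample site: two customer branches under one root.
root = Folder("")
acme = Folder("acme", root, disabled={"Billing"})
acme_shop = Folder("shop", acme)
other = Folder("other", root)
PRODUCTS = [Product("Wiki"), Product("Billing"), Product("AcmeCRM", scope="/acme")]
```
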