[Zope-dev] Methods through the Web (security?)

Phillip J. Eby pje@telecommunity.com
Thu, 18 May 2000 09:16:06 -0500


At 12:13 PM 5/18/00 +0100, Steve Alexander wrote:
>
>It occurs to me that there are two distinct "views" of the Zope tree.
>
> 1. The developer's / content manager's view
>
> 2. The end-user's view
>

Unfortunately, it's not just black-and-white, it's lots of shades of grey
in between.  Management screens, for example, display tabs based on a
user's permissions.  You can give someone certain permissions and not
others.  It's very difficult to say, at the Zope framework level that
something is "development" vs. "content".

In some ways it'd be nice if you could, because then you could use
permission mappings for "runtime" permissions on all of your methods, and
have roles mapped to permissions in "development" mode.  (Sort of the way
ZClasses work now - when you edit the ZClass, you're in "development", but
when you access an instance, it's "runtime" as far as permissions are
concerned.)