[Zope-dev] Re: [Geeks] Re: Interface Meta Data proposal
Jim Fulton
jim@digicool.com
Thu, 30 Nov 2000 09:15:20 -0500
Guido van Rossum wrote:
>
> > Is security really a part of an object's interface? I thought this was more
> > of an implementation thing.
>
> Good point. Certainly in Unix I can have two things implementing the
> same interface (e.g. two named pipes) with different security
> settings (i.e. modes).
>
> However some security stuff can be part of the interface too: e.g. the
> fact that a Foo object has Read, Write and Execute permissions is
> usefully specified as part of its interface. Whether a particular Foo
> instance has a given permission for a certain user is up to the
> instance.
I think we're talking about a different level of security setting
here. In unix, you have certain fixed permissions (e.g. read, write,
execute). The OS maps these permissions onto certain low-level operations
for the few objects it knows about. This is about mapping permissions
onto objects, rather than deciding what users or groups have
what permissions on an object.
In Zope, the programmer defines abstract permissions and decides how to map
the abstract permissions to object operations. It is this mapping that
makes sense for interfaces.
Like Unix, Zope has a separate mechanism for deciding what users/roles
have what permissions on objects. This should not be part of the
object interface. These settings are done by users/administrators.
Jim
--
Jim Fulton mailto:jim@digicool.com Python Powered!
Technical Director (888) 344-4332 http://www.python.org
Digital Creations http://www.digicool.com http://www.zope.org