[Zope-dev] "dynamic permissions" in zope
Steve Alexander
steve@cat-box.net
Tue, 02 Jan 2001 17:04:54 +0000
Heinz-Josef Claes wrote:
>
> Our requrements are a permissioning system which depends on a matrix:
> There are two independend qualities which describe, if a user is allowed
> to see a document. This can be displayed in a matrix. Only if *both*
> qualities match, the user is allowed to see it.
> As far as I understand zope, it is not possible to map this directly (as
> by all other systems I know).
>
> So my question:
> Is it possible to connect a permission (or role) in zope with a method
> (instead of a static flag which was set)? If it is possible, it should
> be possible to call a special algorithm with this request, which can
> implement whatever is needed. So, it would be (easy) possible to
> *integrate* this functionality.
> (I called this permissions "dynamic", because the are evaluated when
> requestet.)
I believe the latest LoginManager allows you to specify what roles a
user has, and compute these each request, based on the details of the
request.
This is probably more useful than having dynamically computed
permissions; While I can see how a user's roles will vary according to
where they are, what they are doing and when they are doing it, I cannot
see why permissions need to change in that way.
However, you mention that you are new to Zope. ZPatterns can be
difficult to understand and get into. Other than the creators of
ZPatterns, I haven't heard of anyone using this computed permissions system.
--
Steve Alexander
Software Engineer
Cat-Box limited
http://www.cat-box.net