[Zope-dev] "dynamic permissions" in zope
Tres Seaver
tseaver@digicool.com
Tue, 02 Jan 2001 22:40:28 -0500
Steve Alexander <steve@cat-box.net> wrote:
> Steve Alexander wrote:
>
> >
> > I believe the latest LoginManager allows you to specify what roles a
> > user has, and compute these each request, based on the details of the
> > request.
> >
> > This is probably more useful than having dynamically computed
> > permissions; While I can see how a user's roles will vary according to
> > where they are, what they are doing and when they are doing it, I cannot
> > see why permissions need to change in that way.
> >
> > However, you mention that you are new to Zope. ZPatterns can be
> > difficult to understand and get into. Other than the creators of
> > ZPatterns, I haven't heard of anyone using this computed permissions
> > system.
>
> What I forgot to mention: LoginManager is a Zope product that is built
> using ZPatterns, another Zope product.
>
> When you are doing advanced things with LoginManager, you need to know
> how ZPatterns works.
>
> There are a couple of HOWTO documents on using LoginManager. It will be
> only a small change to alter the "userRoles" method that returns the
> roles a user should have to calculate these roles based on other criteria.
>
> See these documents for information about how to set up LoginManager.
>
> http://www.zope.org/Members/dlpierson/sqlLogin
> http://www.zope.org/Members/jok/SQL_based_LoginManager
The workflow-as-finite-state-machine implementation I am working on
for the PTK has similar requirements: the permission associated with
a particular method (e.g., 'edit'), depends on the workflow status of
the object (e.g., you need more privileges to edit the object once it
has been "published").
My temporary workaround is to have each method assert the appropriate
permission, as part of creating its audit trail entry. I plan to
arrange
for the permission-role mapping computation to be handled by the
workflow
tool, as well.
Tres.
--
===============================================================
Tres Seaver tseaver@digicool.com
Digital Creations "Zope Dealers" http://www.zope.org