[Zope-dev] uuid.UUID as a rock in zope.security
Chris Withers
chris at simplistix.co.uk
Sat Apr 11 09:30:09 EDT 2009
Martijn Faassen wrote:
>
> b) prevent someone from viewing something with a public view because
> they don't have access to content-level methods and attributes. (which I
> take is your "HTTP request as untrusted code" scenario). (alternate
> strategies are Grok's, which has view-level security but allows
> content-level declarations about what's accessible or not. But prominent
> Grok users are clamoring for something closer to the traditional
> approach with real content level protections)
Well, I like the idea of always having a back-stop on an object that
says "I won't allow you to access bits of the current object that the
user I currently think you're representing isn't allowed to access".
Stopping caring about rocks so much makes that no longer the case.
Chris
--
Simplistix - Content Management, Zope & Python Consulting
- http://www.simplistix.co.uk
More information about the Zope-Dev
mailing list