[Zope-dev] (Zope2) a proposed tweak to assigning default roles to permissions

Hanno Schlichting hanno at hannosch.eu
Thu Aug 19 03:46:00 EDT 2010


Hi.

On Thu, Aug 19, 2010 at 6:15 AM, David Glick <davidglick at groundwire.org> wrote:
> As an alternative to requiring calling setDefaultRoles/addPermission at
> import time, I suggest that we add an optional roles attribute to the
> <permission> directive.  This would then be used when the directive is
> executed, instead of the current hard-coded Manager setting.  Examples:
>
> <!-- a new permission with 2 default roles -->
> <permission id="my.NewPermission" title="My new permission"
> roles="Manager SiteAdmin"/>
> <!-- a new permission with Manager as the sole, implicit role
> (backwards-compatible) -->
> <permission id="my.OtherPermission" title="My other permission"/>

Can roles currently contain whitespace? Like "Awesome People"?

If so, we should go for nested nodes:

<permission id="my.NewPermission" title="My new permission">
  <role>Manager</role>
  <role>SiteAdmin</role>
  <role>Awesome People</role>
</permission>

I think this matches the style of some of the GenericSetup handlers
which deal with permissions.

I'd not be concerned about overriding the security directive here.
AccessControl's security concept is very different from the one in
zope.security. I don't expect Zope2 to ever be fully compatible with
the current zope.security notion. It's more likely that they will
converge to a third implementation at some point in the future.

Hanno


More information about the Zope-Dev mailing list