[Zope-PAS] Re: new plugin for global group roles

Tres Seaver tseaver at zope.com
Tue Feb 8 08:39:36 EST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kapil Thangavelu wrote:

| afaics, the default group usage in pas only augments principal roles
| with local group roles. at the pas sprint this pas week we put together
| a role plugin which will assign global roles to a principal based on
| direct principal grants and group grants.

I'm missing something here:  where are these grants made?  Here is what
I think is happening now:

~ -  The ZODBRoleManager in Zope2 PAS allows assignment of roles to
~    either users or groups (both of which are "principals").

~ - The RecursiveGroupFolder plugin scribbles a "transitive closure" of
~   the user's group memberships onto the user.

~ - Roles (both global and local) assigned either to the user or to one
~   of the user's groups are verfiied in the PropertiedUser method
~  'allowed'.

How does your proposed change work with this setup?

Tres.
- --
===============================================================
Tres Seaver                                tseaver at zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCCMEYGqWXf00rNCgRAmOJAJ4q+1Unum2eh4N7dfjMPd25/AynAgCgi6bu
CBT6WcBdCrsfnbSLnoeZxj8=
=3gJZ
-----END PGP SIGNATURE-----



More information about the Zope-PAS mailing list