[Zope-PAS] Re: new plugin for global group roles
Tres Seaver
tseaver at zope.com
Tue Feb 8 08:39:36 EST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Kapil Thangavelu wrote:
| afaics, the default group usage in pas only augments principal roles
| with local group roles. at the pas sprint this pas week we put together
| a role plugin which will assign global roles to a principal based on
| direct principal grants and group grants.
I'm missing something here: where are these grants made? Here is what
I think is happening now:
~ - The ZODBRoleManager in Zope2 PAS allows assignment of roles to
~ either users or groups (both of which are "principals").
~ - The RecursiveGroupFolder plugin scribbles a "transitive closure" of
~ the user's group memberships onto the user.
~ - Roles (both global and local) assigned either to the user or to one
~ of the user's groups are verfiied in the PropertiedUser method
~ 'allowed'.
How does your proposed change work with this setup?
Tres.
- --
===============================================================
Tres Seaver tseaver at zope.com
Zope Corporation "Zope Dealers" http://www.zope.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCCMEYGqWXf00rNCgRAmOJAJ4q+1Unum2eh4N7dfjMPd25/AynAgCgi6bu
CBT6WcBdCrsfnbSLnoeZxj8=
=3gJZ
-----END PGP SIGNATURE-----
More information about the Zope-PAS
mailing list