[Zope] Using an object's permissions and ownership properties

Geir Bækholt Geir Bækholt
Tue, 1 Apr 2003 08:57:45 +0200


On  Tue, 01 Apr 2003 00:47:53 -0500 GMT (..7:47 where i live(GMT+1) )
Michael Long asked the Zope mailinglist about the following:
  
ML> Hi all,

ML> Is it possible to restrict access to an object to the owner of the
ML> object without creating separate roles for each object.

ML> where each addressbook is owned by a different user.

ML> I would like to set up permissions within a product to control access to
ML> to the various methods that manipulate the data in each of these
ML> addressbooks. Some of the methods should only be available if the user
ML> has both the permission and is the owner of the addressbook. Other
ML> methods would be available to all users with the appropriate permissions
ML> regardless of ownership.

ML> I can't find much documentation showing how to use an objects ownership
ML> attribute to control access to an object. Is this a sane approach and if
ML> so how would I go about implementing this?

you don't have to use the ownership attribute. The owner automagically
has a role "Owner" on objects he/she owns.

So restricting access to only allow the "Owner" role to access these
functions should get you where you want.

These restrictions can be set just as you would other permissions, and
the "Owner" role is no more special than the Manager or Anonymous
ones.

For more info, see the security chapter in the latest edition of the Zope book
http://www.zope.org/Documentation/Books/ZopeBook/2_6Edition/Security.stx

:)

--
Geir Bækholt