[Zope] Roles design question

[Thierry Florac]

  Hi,

I'm working on a Zope intranet site involving several Zope products that
I have written, like :
 - Branch,
 - DocsManager,
 - NewsManager,
 - EventsManager

A branch is a Folder subclass, and a container for the other "Manager"
products.
Access rules are quite complex in several cases, but I can define
several roles :
 - webmaster
 - manager
 - contributor
 - visitor

My problem is that :
 - some roles are only defined in the context of a Manager (for example,
'Contributor' or 'Visitor'),
 - access rights are sometimes defined at the 'Branch' level.

Until now, what I did is :
 - define 'webmaster' and 'manager' in the '__ac_roles__' list of Branch
 - define 'contributor' and 'visitor' in '__ac_roles__' of Managers.

Finally (!!), my questions are :
 - is this the best way to design and implement my roles ?
 - can I define permissions at the Branch level (with manage_permission)
for roles which are not present in '__ac_roles__' ?  And if so, are
these permissions acquired in the usual way ??

Thanks for any help,

  Thierry


-- 
  Linux every day, keeps Dr Watson away...
  http://gpc.sourceforge.net -- http://www.ulthar.net