[Zope] Local Roles and Acquisition
Dylan Reinhardt
zope at dylanreinhardt.com
Tue Sep 9 16:37:15 EDT 2003
On Tue, 2003-09-09 at 07:59, nwingfield at che-llp.com wrote:
> In this situation, I do not wish for local roles to be acquired from above.
> In other words, I don't want Joe to acquire the local role of 'Viewer' when
> attempting to look at Sam's stuff.
OK. That's easy enough to specify.
>
> Because Zope makes the bold assertion that security should always get more
> permissive the deeper one traverses the object hierarchy,
It does?
Maybe we have different definitions of "deeper" but I think that
standard practice is exactly the opposite of what you describe.
> is there no way
> to do this short of hacking the 'getRolesInContext()' method?
Sure. Use security assertions in your product code to limit
viewing-related privileges to owner and manager by default.
Unless I'm grossly misunderstanding the question, you should be able to
accomplish everything you need right in your product code. Check out
this link for more info on security assertions.
http://zope.org/Members/mcdonc/PDG/chap5zdg.stx
HTH,
Dylan
More information about the Zope
mailing list