[Zope] Local Roles and Acquisition

nwingfield at che-llp.com nwingfield at che-llp.com
Tue Sep 9 13:47:23 EDT 2003 

Dylan,

I'm sure if we're on the same page or not.  Perhaps it would help to more
fully explain the situation.  I spoke of 'Viewer' and 'Editor' (actually
I'm recycling 'Owner') roles.  On my root folder, these are loosely mapped
to the 'View' and 'Edit' privileges, respectively.  Almost all of my
methods are restricted to one of these two privileges using
declareProtected().  In order to granularly assign permissions to
particular users on particular objects, I add local roles to each object,
mapping a particular user to a role.  The problem comes in when Zope
combines the explicit local roles with any local roles granted on all
parent objects, effectively granting a user more roles than it ought.

I understand that you can assign default privileges to a particular role
programmatically.  Concerning setPermissionDefault(), the documentation
says "Note that it is not always necessary to use this method. All
permissions for which you did not set defaults using setPermissionDefault
are assumed to have a single default role of Manager."  This said, I'm not
sure how adding this into my product code will prevent the "trickle down"
local role effect.

Nathaniel



                                                                                                                           
                      Dylan Reinhardt                                                                                      
                      <zope at dylanreinha        To:       nwingfield at che-llp.com                                            
                      rdt.com>                 cc:       Zope Users <zope at zope.org>                                        
                                               Subject:  Re: [Zope] Local Roles and Acquisition                            
                      09/09/2003 11:36                                                                                     
                      AM                                                                                                   
                      Please respond to                                                                                    
                      zope                                                                                                 
                                                                                                                           
                                                                                                                           




On Tue, 2003-09-09 at 07:59, nwingfield at che-llp.com wrote:
> In this situation, I do not wish for local roles to be acquired from
above.
> In other words, I don't want Joe to acquire the local role of 'Viewer'
when
> attempting to look at Sam's stuff.


OK.  That's easy enough to specify.

>
> Because Zope makes the bold assertion that security should always get
more
> permissive the deeper one traverses the object hierarchy,

It does?

Maybe we have different definitions of "deeper" but I think that
standard practice is exactly the opposite of what you describe.

>  is there no way
> to do this short of hacking the 'getRolesInContext()' method?


Sure.  Use security assertions in your product code to limit
viewing-related privileges to owner and manager by default.

Unless I'm grossly misunderstanding the question, you should be able to
accomplish everything you need right in your product code.  Check out
this link for more info on security assertions.

http://zope.org/Members/mcdonc/PDG/chap5zdg.stx

HTH,

Dylan

More information about the Zope mailing list