[Zope] role, user defined roles, and inclusion

Dennis Allison allison at shasta.stanford.edu
Tue Mar 29 13:25:05 EST 2005


I guess I am confused about roles and how they are interpreted.

A quick check of the Zope Book didn't provide the answer.  It would be
nice if there were an index for the book.

I've always thought of the roles as flags without an deeper semantics.
But I am seeing some behavior that suggests I my model may be wrong.

Are the standard roles (anonymous, authorized_user, manager) inclusive?  
By inclusive I mean that an authorized_user is also treated as an
anonymous_user and that a manager is also anonymous and an
authorized_user.  

Are user_defined roles inclusive?  Or are they separate and distinct?
If `wizard` is a user defined role, is it also an authorized_user for 
security purposes?

I suspect the real answer here is "it depends upon the implementation".  
If that's the case, what is the best practice used in the Zope system.




More information about the Zope mailing list