[Zope3-dev] Re: ObjectHub should change data structure

[Phillip J. Eby]

At 12:28 PM 6/27/03 -0400, Shane Hathaway wrote:
>The project is a CMS with a repository model, where all content goes into 
>a big bucket.  The big bucket is an important part of the architecture, 
>since it facilitates staging and sharing content among sections.  Yet the 
>customer also needed to be able to confine users to editing objects 
>located in particular sections.  Zope's security model made this 
>difficult.  We couldn't grant the limited users permissions for the entire 
>repository.  Applying local roles to every object in the repository would 
>be a burden, and wouldn't work if there are a lot of users.

This sounds to me like an example of a use case for rule-based security 
(aka "computed local roles" in Zope 2 terminology).