[Zope3-dev] Re: ObjectHub should change data structure

[Steve Alexander]

Phillip J. Eby wrote:
> At 12:28 PM 6/27/03 -0400, Shane Hathaway wrote:
> 
>> The project is a CMS with a repository model, where all content goes 
>> into a big bucket.  The big bucket is an important part of the 
>> architecture, since it facilitates staging and sharing content among 
>> sections.  Yet the customer also needed to be able to confine users to 
>> editing objects located in particular sections.  Zope's security model 
>> made this difficult.  We couldn't grant the limited users permissions 
>> for the entire repository.  Applying local roles to every object in 
>> the repository would be a burden, and wouldn't work if there are a lot 
>> of users.
> 
> 
> This sounds to me like an example of a use case for rule-based security 
> (aka "computed local roles" in Zope 2 terminology).

For Zope 3, I'd suggest using special Checkers or a special security 
policy for this application.

You can use a special Checker to implement rule-based security.

--
Steve Alexander