[Zope3-Users] Users and the Ownership of Objects

Gary Poster gary at zope.com
Wed Sep 28 09:03:16 EDT 2005


On Sep 28, 2005, at 7:02 AM, James Allwyn wrote:

> Dear list,
>
> I have a number of questions. I've split them up over a number of
> emails, to keep them 'bite sized', and hopefully make any replies more
> useful in the archive. Apologies if this is not considered correct
> 'etiquette' on this list.

Sounds good to me.

> Is there any recommended method for indicating "ownership" of objects
> by a user?

Not to my knowledge (but that's just my knowledge :-)

> There is potentially a 'many-many' mapping of objects to
> users, so I don't want to use containment to indicate this
> relationship.
>
> Would it be sensible to use Annotations to store a list of principals
> that are associated with the object on the object?

Sounds like a reasonable start.  To be clear (and this is pertinent  
to your next question), annotations are typically places in which  
adapters place their information.  That is, code typically adapts an  
object to an interface that provides the information that they want  
(e.g. a hypothetical IOwned or something, in your case).  The adapter  
might get and set the information in an annotation, but the client  
code would have no knowledge of that.  The client code just adapts  
the object and uses the API.

> I need to be able to call up the objects related to a user, and I'm
> intending to use a Catalog to call the list of objects up. Is this
> compatible with an annotations-based approach - i.e., would I face any
> difficulties getting the Catalog to read data from annotations?

No, you should not.  You can tell a standard index that it indexes a  
given name of a given interface.  The index then attempts to adapt  
each object it gets to the interface, and get the value from the  
name.  Using the approach I described above, then, this would be just  
fine.

> Also, we will need to combine this with our security system - each
> user will be able to edit objects that they are registered as the
> owner of (probably with workflow constraints...). Is this possible
> within the default zope security policy, or will I have to write a new
> one (which is a daunting prospect!)

I think you will need to write your own, but won't be terribly  
surprised to learn I'm wrong. :-)

We have plans to release an alternate security policy that we have.   
Writing a new policy is not nearly as daunting as in Zope 2, at least  
from the perspective of someone who has looked at implementations in  
Zope 2 and Zope 3.  That said, I understand the concern.

> There will also be system
> administrators who will have the rights to edit any of the objects, so
> the concept of roles will work well for them, but I've not been able
> to see how/if I would be able to grant a principal permission to edit
> only those objects that she is registered as an 'owner' of using the
> standard zcml declarations (which, as I understand it, grant
> permission on, say, a whole class of objects).

Since there is no concept (to my knowledge) of owner in Zope 3 now,  
there is certainly no zcml for that.  To your more general question,  
though, the current security policy does allow grants on any object  
that supports annotations.

Gary


More information about the Zope3-users mailing list