[Zope3-Users] understanding security
Achim Domma
domma at procoders.net
Fri Apr 7 10:50:50 EDT 2006
Frank Burkhardt wrote:
>> Do I understand it right, that I do not grant a permission to a principal on a certain
>> object instance? I only grant a permission to use a certain interface!?
> You can either grant permissions to principals (or groups/roles) globally. Those permissions
> can be used in multiple ways:
> * To protect Views. You can only access views you have permissions for (e.g. <browser:page ...> )
> * To protect attributes/methods of classes (*not objects*) (<class ...><required interface=...>)
> * To define, who is allowed to modify certain attributes (<class ...><required set_schema=...> )
I can follow to this point. That's how I understand Zope security until now.
> Additionally you may grant permissions (and role memberships) on a per object (*not per class*)
> basis ( using e.g. the grant.html-View) which effects only a single object.
That's what I was looking for, but don't know how to do. For I example:
I want to let a user create an object (i.e. a message in a message
board). All users with a certain role (i.e. Admins) should be able to
edit the new object, but the creating user should also be able to edit
it. So I have to give him the persmission to edit.
How can I do something like that?
regards,
Achim
More information about the Zope3-users
mailing list