[Zope3-Users] understanding security
mats.nordgren
mats at ronin-group.org
Fri Apr 7 16:59:04 EDT 2006
Achim,
Take a look at homefolder in the trunk. You can find it here:
http://svn.zope.org/Zope3/trunk/src/zope/app/homefolder/
It does what you want to do.
On Fri, 07 Apr 2006 16:50:50 +0200, Achim Domma wrote
> Frank Burkhardt wrote:
>
> >> Do I understand it right, that I do not grant a permission to a principal
on a certain
> >> object instance? I only grant a permission to use a certain interface!?
>
> > You can either grant permissions to principals (or groups/roles) globally.
Those permissions
> > can be used in multiple ways:
> > * To protect Views. You can only access views you have permissions for
(e.g. <browser:page ...> )
> > * To protect attributes/methods of classes (*not objects*) (<class
...><required interface=...>)
> > * To define, who is allowed to modify certain attributes (<class
...><required set_schema=...> )
>
> I can follow to this point. That's how I understand Zope security
> until now.
>
> > Additionally you may grant permissions (and role memberships) on a per
object (*not per class*)
> > basis ( using e.g. the grant.html-View) which effects only a single object.
>
> That's what I was looking for, but don't know how to do. For I example:
>
> I want to let a user create an object (i.e. a message in a message
> board). All users with a certain role (i.e. Admins) should be able
> to edit the new object, but the creating user should also be able to
> edit it. So I have to give him the persmission to edit.
>
> How can I do something like that?
>
> regards,
> Achim
>
> _______________________________________________
> Zope3-users mailing list
> Zope3-users at zope.org
> http://mail.zope.org/mailman/listinfo/zope3-users
More information about the Zope3-users
mailing list