[Zope3-Users] Zope 3 security model
Mattia Belletti
mattia at thick.foschia.info
Sat Jul 5 17:56:34 EDT 2008
Albertas Agejevas ha scritto:
> On Wed, Jul 02, 2008 at 08:33:12PM +0200, Mattia Belletti wrote:
>
>> Hi all,
>> I'm a newbie to Zope 3, but I immediatly had very "good vibes" about
>> it. I started developing a test application. Where I immediatly got some
>> problems was when I had to deal with the security model.
>>
>> I illustrate my point. In the system I'm writing, users can register
>> and create objects inside the system. The security system should be
>> quite simple: a user can access the view page of every object, but not
>> the edit page, unless he/she is the author. Well, things are more
>> complex, but this already is proving me problems.
>>
>
> You've chosen an intuitively obvious task for a test app, however one
> that is not at all trivial in Zope. Authentication with dynamic
> principals is pretty much as hardcore as it gets.
>
> You'll need to to sort out the authentication part either by writing a
> PAU plugin to authenticate your users who have corresponding domain
> objects, or even by writing your own local authentication utility.
>
> The authorization part can be done in different ways, but I think the
> simplest one is to set up a role 'owner' and then provide a
> zope.app.securitypolicy.interfaces.IPrincipalRoleMap adapter for your
> content objects that grants the owner role to the owners.
>
Thank you for your prompt reply!
I think I've understood a little better the problem. The PAU part is
quite clear to me, whereas I still have a little confusion about the
IPrincipalRoleMap interface. If I understood well, its instances serve
the purpose of relating roles and principals to a certain content
object, but it also talks about 'settings': what are they?
--
Mattia "RedGlow" Belletti
http://thick.foschia.info - http://anacrusi.splinder.com
More information about the Zope3-users
mailing list