[Zope3-dev] My take on Zope3 permissions / security.
Shane Hathaway
shane@zope.com
Tue, 18 Dec 2001 13:12:55 -0500
Lennart Regebro wrote:
> From: "Shane Hathaway" <shane@zope.com>
>>So something about security has to be object-specific. In CMF, we
>>change the role to permission mappings. This works pretty well. I can
>>envision a world, however, where role to permission mappings are global.
>> But then how do you control security based on workflow status?
>>
>
> The only difference when it comes to this is that you don't need to change
> the role to permission mappings, you change the principal to role mapping
> instead, thereby giving a principal different sets of permissions.
> To make that possible Zope3 will need a way to make people have less roles
> further down a hierarchy, and it will need to have an Anonymous principal
> instead of an Anonymous role. It may be that there is some snag there that I
> haven't understood yet...
Maybe so. You just have to be sure you never store the principal IDs in
the content objects, but instead compute the principal to role mappings
on the fly. (Also known as computed local roles.) You may have been
thinking along these lines anyway, but here's an example:
Let's say I'm in a new company and I want to allow all employees to
comment on documents in the company intranet, but only when the
documents have been published. My company grows and lots of document
are added all the time. Unfortunately, newer employees can't comment on
older documents because their principal IDs didn't exist when the
documents were published. Hmm, not good. The problem gets worse in
larger organizations.
Shane