[Zope-dev] [ZPatterns] DataSkin object ownership

Ty Sarna tsarna@endicor.com
14 Dec 2000 18:45:49 GMT


In article <200012130255.SAA29869@zope.codeit.com>,
Phillip J. Eby <pje@telecommunity.com> wrote:
> At 08:04 PM 12/12/00 -0500, BS wrote:
> >Do DataSkins have ownership? I want to give multiple users the ability to
> >add objects to a rack and only allow the 'owner' to view/edit the object.
> 
> DataSkins stored in Racks do not participate in the Zope ownership
> mechanism, nor the creation of the 'Owner' role.  This is because they are

To clarify: if you just want Owner roles, as opposed to Ownership[1][2][3],
you can do that with totally-non-ZODB objects.  I have a couple
different applications where totally SQL- or LDAP- are given local roles
(Owner and others) to implement security as you describe. 

The way we do it requires LoginManager to be in use, or to have patched
Zope with improvents to the local roles support (LM effectively hotfixes
these in for its own users). Then our DataSkins-based ZClasses also
mix in AppTabs[4], which has a get_local_roles_for_user() which tries
a LocalRolesForUser() method if it exists, otherwise falls back to older
means. Finally, you can define LocalRolesForUser to compute local roles
for the accessing user by whatever rules it wants.

[1] People may complain about ZPatterns terminology, but at least we
have the sense not to use the same word for two entirely different
concepts! :-)

[2] And I don't know why you'd care about Ownership for your objects in
this example...  it doesn't seem meaningful for these sorts of non-code
objects.

[3] Actually, maybe you could write SkinScript to provide the _owner
attribute. But see [2]...

[4] Unreleased product, still in some flux.  It mainly provides fancier,
more flexible version of Zope's management tabs, suitable for use in an
application (that is, suitable for exposing to users, not just
developers). It also has some local roles hooks as mentioned.