[Zope-dev] Some apparent limitations of the Zope security model

Michel Pelletier michel@digicool.com
Fri, 7 Jan 2000 10:49:35 -0500


> -----Original Message-----
> From: Ross Boylan [mailto:RossBoylan@stanfordalumni.org]
> 
> 
> The 3rd reason is practical, rather than fundamental:
> 3) If I do it myself, I don't have to worry about getting my classes,
> which I may want to do as simply python objects, to play in the
> somewhat hard to grasp Zope framework.

The permission aspect is not difficult at all.  One data structure,
__ac_permissions__, defines all of the permissions for an object.  It is
a tuple of tuples:

__ac_permissions__=(
                    ('PermissionName', ['method1', 'method2', ...],
                                       ['Role1', 'Role2', ...],)
                     ...
                   )

Each permission tuple has three elements: a name, a list of methods that
permission 'protects', and a list of Roles which have that permission by
default.  Of course, you can create new roles in the management interface
or programmatically to map to permissions; this is a convenience that
allows the object programmer to specify which methods are management
methods and which are accessible by other common roles like 'Anonymous'.
Here is an example:

    __ac_permissions__=(

        ('Manage Vocabulary',
         ['manage_main', 'manage_vocab', 'manage_query'], 
         ['Manager']),

        ('Query Vocabulary',
         ['query',],
         ['Anonymous', 'Manager']), 
        )

-Michel
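
An added example, not part of the original message and not Zope's own code: a small audit that reads an `__ac_permissions__` table of the three-element shape described above and reports public methods that no permission lists and methods open to 'Anonymous' by default. The `Vocabulary` class, its `reindex` method, and the helper names `method_roles` and `audit` are constructed for illustration; rejecting a method listed under two permissions is a choice of this example.

```python
# Added example: audits an __ac_permissions__ table of the shape described
# in the message. Not Zope code; the sample class below is constructed.

def method_roles(ac_permissions):
    """Map each listed method name to (permission name, default roles)."""
    table = {}
    for entry in ac_permissions:
        if len(entry) != 3:
            raise ValueError("expected (name, methods, roles): %r" % (entry,))
        name, methods, roles = entry
        for method in methods:
            # Assumption of this audit: one method, one permission.
            if method in table:
                raise ValueError("%s is listed under two permissions" % method)
            table[method] = (name, frozenset(roles))
    return table


def audit(cls):
    """Return (public methods not listed, methods open to 'Anonymous')."""
    table = method_roles(cls.__ac_permissions__)
    public = [n for n, v in vars(cls).items()
              if callable(v) and not n.startswith("_")]
    unlisted = sorted(n for n in public if n not in table)
    anonymous = sorted(m for m, (_, roles) in table.items()
                       if "Anonymous" in roles)
    return unlisted, anonymous


class Vocabulary:  # constructed sample class using the table from the message
    __ac_permissions__ = (
        ('Manage Vocabulary',
         ['manage_main', 'manage_vocab', 'manage_query'],
         ['Manager']),
        ('Query Vocabulary',
         ['query'],
         ['Anonymous', 'Manager']),
    )

    def manage_main(self): return "main"
    def manage_vocab(self): return "vocab"
    def manage_query(self): return "query form"
    def query(self): return []
    def reindex(self): return None  # constructed: deliberately not in the table


if __name__ == "__main__":
    print(audit(Vocabulary))
```

Running such a check over each class makes it easy to spot a method added later without a matching permission entry.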