[Zope-dev] PATCH: Expanded "access" file

Phillip J. Eby pje@telecommunity.com
Tue, 25 Jul 2000 15:46:58 -0500


At 10:54 AM 7/25/00 -0400, Brian Lloyd wrote:
>
>I think that this is _definitely_ the kind of thing that 
>should be done in the fishbowl on dev.zope.org.

It's there now.  See:


http://dev.zope.org/Wikis/DevSite/Proposals/UserProgrammableSecurityObjects

It covers in full, I think, the issues that Ty and I have been struggling
with to make LoginManager and ZPatterns give users the power to script user
databases and local roles in a secure way, while not having things blow up
due to infinite recursion as the security model checks that it has the
right to check that it has the right to check that it has the right to....