[Zope-dev] zope.localpermission and the "zope app permissions"

Martijn Faassen faassen at startifact.com
Wed Mar 11 13:27:43 EDT 2009


Hey,

Dan Korostelev wrote:
> As a part of zope.app.security refactoring process, I extracted local
> (persistent) permissions to new "zope.localpermission". And I faced
> one problem and I'm not sure about its resolution.
> 
> Originally, I wanted to only move the "zope.Public" permission
> declaration into zope.security, because that permission name is
> special and always available. As for other permissions
> (zope.View/zope.Security/zope.ManageContent, etc.), I wanted to just
> leave them in zope.app.security as is.
> 
> But security declarations for the "LocalPermission" class in
> zope.localpermission needs the "zope.Security" permission. Also, some
> of those permissions are used much in other zope.* packages for zcml
> security declarations.
> 
> So, I wonder what should we do with this. 

If it doesn't introduce new dependencies, I think a few more definitions 
of permissions in zope.security won't hurt (only those commonly used). 
I'd like that better than introducing a new package. Do you think this 
will be tolerable to you?

We should indeed only move those widely used.

The problem we have is that some content objects (i.e. not only the ZMI) 
declare that some of their methods need permissions. In order to support 
those we do need to have the definitions in a central place, and I think 
zope.security would be as good as any if we can do it without 
introducing more dependencies. Just put them in a separate submodule and 
we should be okay.

> Oh, and on the topic, one more time: can we have a steering group
> decision on the package requirements for zcml statements? Are we doing
> extras for them or simply skipping them?

Sorry, I wasn't clear that there was an open question and I'm afraid I 
don't understand this one. :)

Could you point me to the appropriate thread that was left in the 
middle, or could you start a new thread with a description of the open 
question?

Regards,

Martijn



More information about the Zope-Dev mailing list