[Zope] Simpleton requests help - what's this mapping malarkey ?:)

Kevin Dangoor kid@kendermedia.com
Mon, 20 Sep 1999 12:34:32 -0400 

-----Original Message-----
From: chas <panda@skinnyhippo.com>
To: Kevin Dangoor <kid@kendermedia.com>; zope@zope.org <zope@zope.org>
Date: Sunday, September 19, 1999 6:27 PM
Subject: Re: [Zope] Simpleton requests help - what's this mapping malarkey
?:)


>Consider a product MyProduct :
>
>/MyProduct
> /MyClass
> /index_html
> /method2
> /MyClass_add_permission
> /MyClass_factory
> /MyClass_add
> /MyClass_addForm
>
>To add permissions to let method2 change properties :
>1) add a Zope Permission to the MyProduct folder. Let's call it
>"MyPermission"
>2) go to MyClass and click on the "Permissions" tab.
>3) select "MyPermission" from the multiple select list. This is
>   saying 'any instances of this product have the permission MyPermission'.
>   This seems to be very much like a role.

I think it is more like saying "this permission is relevant to this ZClass".

>4) go to MyClass and then click on the "Define permissions" tab.
>5) opposite the "Manage Properties" label, select the "MyPermission"
>   ie. allow any instances of the class to manage the properties.
>
>However, I seem to have missed something since nowhere did we specify
>*who* has this permission. (eg. anonymous users, or just managers.).
>Damn, I feel dense.

Not at all... What you've done to this point is create a permission, and
tell Zope that the user must have that particular permission in order to
manage the properties. Here's the next part:

6) Go to the Zope root and look at the Security tab. From there, you can
define which roles have "MyPermission" set.

*Now* Zope knows that a user must belong to one of the roles that has
"MyPermission" set in order to manage properties.

>Actually, I'd have really liked it if there were a security tab on the
>zclass (not the instance) - but I notice that there are no security tabs
>there.... only these wonderful "define permission" pages.  Wait, perhaps
>that's a clue - why *aren't* there "security" tabs in  zclasses ? I mean,
>for something as simple as setting "anonymous user can manage properties",
>a standard security tab would have done the job fine.

I think the idea is that security is more of an "instance" related thing. At
the class level, you define which permissions are necessary to take given
actions. In the actual instances, you define which roles have those
permissions. (And the roles->permissions mapping is something that can be
acquired). This is basically how the standard Zope objects work, and the
ZClasses are consistent with that.


>Half way .... and your help is much appreciated.
>
>Do you remember at school there was that annoying kid who stuck his
>hand up, asked a question, the teacher replied, yet still he didn't
>understand ? I'm that kid :)

Nahh.. I kinda felt like I had given a halfway sort of answer. But, I wasn't
certain where to take it next...

Kevin