[Zope] Re: restricting permissions for direct access only

Chris Withers chris at simplistix.co.uk
Thu Feb 16 03:29:38 EST 2006




David wrote:
> I just disagree.  If theres a paranoia with the standard set of roles 
> then prevent *those* from upward acquisition.  But if I add a role 
> *specifically* so it can access a common code pool, 

Security is hard enough as it is, special cases like this are something 
that Zoep 2 has enough fo already and certainly doesn't need any more...

> say like 
> "/commonPython" and "/commonJavascript" thats available to sub-folders, 
> probably distinquished by data adapter access to various companies ... 
> than whats the downside?  The upside is that I dont have to copy one 
> code improvement across n number of sub-folder instances.

I'm _sure_ there's a better way to solve your problem...

Perhaps you could explain with a simple example what that problem is?

cheers,

Chris

-- 
Simplistix - Content Management, Zope & Python Consulting
            - http://www.simplistix.co.uk





More information about the Zope mailing list