[Zope3-Users] Zope 3 security model

Mattia Belletti mattia at thick.foschia.info
Sat Jul 5 17:56:34 EDT 2008


Albertas Agejevas wrote:
> On Wed, Jul 02, 2008 at 08:33:12PM +0200, Mattia Belletti wrote:
>   
>> Hi all,
>>  I'm a newbie to Zope 3, but I immediately had very "good vibes" about
>> it. I started developing a test application. Where I immediately got some
>> problems was when I had to deal with the security model.
>>
>>  I illustrate my point. In the system I'm writing, users can register
>> and create objects inside the system. The security system should be
>> quite simple: a user can access the view page of every object, but not
>> the edit page, unless he/she is the author. Well, things are more
>> complex, but this is already giving me problems.
>>     
>
> You've chosen an intuitively obvious task for a test app, however one
> that is not at all trivial in Zope.  Authentication with dynamic
> principals is pretty much as hardcore as it gets.
>
> You'll need to sort out the authentication part either by writing a
> PAU plugin to authenticate your users who have corresponding domain
> objects, or even by writing your own local authentication utility.
>
> The authorization part can be done in different ways, but I think the
> simplest one is to set up a role 'owner' and then provide a
> zope.app.securitypolicy.interfaces.IPrincipalRoleMap adapter for your
> content objects that grants the owner role to the owners.
>   
Thank you for your prompt reply!
I think I understand the problem a little better now. The PAU part is 
quite clear to me, whereas I still have a little confusion about the 
IPrincipalRoleMap interface. If I understood well, its instances serve 
the purpose of relating roles and principals to a certain content 
object, but it also talks about 'settings': what are they?

-- 
Mattia "RedGlow" Belletti
http://thick.foschia.info - http://anacrusi.splinder.com
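
The owner-role approach suggested in the quoted reply, as an added sketch that is not code from either poster or from Zope itself. It mirrors the IPrincipalRoleMap method names in plain Python so it runs without Zope; the `Document` class, the role id `example.Owner`, the `can_edit` helper and the string constants standing in for Zope's Allow, Deny and Unset settings are all assumptions made for illustration.

```python
# Stand-ins for the Allow / Deny / Unset settings of Zope's security policy,
# so this sketch runs without Zope installed (assumption: plain strings).
ALLOW, DENY, UNSET = "Allow", "Deny", "Unset"
OWNER_ROLE = "example.Owner"  # hypothetical role id


class Document:
    """Constructed content object that records its author's principal id."""

    def __init__(self, title, owner_id):
        self.title = title
        self.owner_id = owner_id


class OwnerRoleMap:
    """Mirrors the IPrincipalRoleMap method names for one content object."""

    def __init__(self, context):
        self.context = context

    def _is_owner(self, principal_id):
        owner = self.context.owner_id
        return owner is not None and principal_id == owner

    def getSetting(self, role_id, principal_id, default=UNSET):
        # Only the (owner role, author) pair gets an explicit setting.
        # Everyone else stays Unset rather than Deny, so role grants made
        # elsewhere (site-wide or on a parent container) are not overridden.
        if role_id == OWNER_ROLE and self._is_owner(principal_id):
            return ALLOW
        return default

    def getPrincipalsForRole(self, role_id):
        if role_id == OWNER_ROLE and self.context.owner_id is not None:
            return [(self.context.owner_id, ALLOW)]
        return []

    def getRolesForPrincipal(self, principal_id):
        return [(OWNER_ROLE, ALLOW)] if self._is_owner(principal_id) else []

    def getPrincipalsAndRoles(self):
        if self.context.owner_id is None:
            return []
        return [(OWNER_ROLE, self.context.owner_id, ALLOW)]


def can_edit(document, principal_id):
    """Simplified decision: editing needs an Allow setting for the owner role."""
    return OwnerRoleMap(document).getSetting(OWNER_ROLE, principal_id) == ALLOW
```

In a real application the edit permission would be granted to the owner role in configuration and the class registered as an adapter for the content interface; the security policy, not a helper like `can_edit`, then combines these settings with grants made higher up.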


