[Checkins] SVN: bluebream/website/docs/v1.0/tutorial4.rst bit cleanup
Baiju M
baiju.m.mail at gmail.com
Tue Aug 17 12:25:35 EDT 2010
Log message for revision 115739:
bit cleanup
Changed:
U bluebream/website/docs/v1.0/tutorial4.rst
-=-
Modified: bluebream/website/docs/v1.0/tutorial4.rst
===================================================================
--- bluebream/website/docs/v1.0/tutorial4.rst 2010-08-17 13:58:46 UTC (rev 115738)
+++ bluebream/website/docs/v1.0/tutorial4.rst 2010-08-17 16:25:35 UTC (rev 115739)
@@ -14,7 +14,7 @@
the whole security framework is organized around checking permissions on
objects. Permissions are like keys to doors that open to a particular
functionality. For example, in the issue tracker application used in the
-tutorial, we might need the permission `zope.View` to look at a tickets's
+tutorial, we might need the permission ``zope.View`` to look at a tickets'
detail screen. Principals, on the other hand, are agents of the system that
execute actions. The most common example of a principal is a user of the
system. Principal is a generalization of the user concept. The goal is now
@@ -28,11 +28,11 @@
the concept of roles. Roles are like hats people wear, as Jim Fulton would
say, and can be seen as a collection of permissions. A single user can have
several hats, but only wear one at a time. Prominent examples of roles
-include *editor* and *administrator*. Therefore, the default security
-policy supports mappings from permissions to principals, permissions to
-roles, and roles to principals. This chapter will use the default security
-policy to setup the security, but will clearly mark the sections that are
-security policy specific.
+include *member*, *editor* and *administrator*. Therefore, the default
+security policy supports mappings from permissions to principals,
+permissions to roles, and roles to principals. This chapter will use the
+default security policy to setup the security, but will clearly mark the
+sections that are security policy specific.
The first task will be to define a sensible set of permissions and change
the existing directives to use these new permissions. This is a bit
@@ -64,12 +64,12 @@
commenting must be possible.
*Edit* - Editing ticket details (after it is created) is only a permission
-given to the Admin possesses (for moderation), since we would not want a
-regular user to be able to manipulate tickets after creation.
+given to the admin user (for moderation), since we would not want a regular
+user to be able to manipulate tickets after creation.
-*Delete* - The Admin must be able to get rid of messages, of course.
-Therefore the Delete permission is assigned to her. Note that this
-permission does not allow the Admin to delete ticket collector objects.
+*Delete* - The admin must be able to get rid of comments, of course.
+Therefore the delete permission is assigned to her. Note that this
+permission does not allow the admin to delete ticket collector objects.
Let's define the permissions now. Note that they must appear at the very
beginning of the configuration file, so that they will be defined by the
@@ -123,10 +123,9 @@
permission, leaving off ``tc.``. However, the full *id* has to be specified
for the configuration to execute.
-Change the first `require` statement of in the ticket collector content
-directive to use the `View` permission (line 18 & 22). This makes the
-description and the items accessible to all users. Similarly, change line
-64 for the ticket.
+Change the first `require` statement of the ticket content directive to use
+the `View` permission. This makes the description and the items accessible
+to all users. Similarly, change permission for the comment.
Change the permission of line 46 to `Edit`, since only the message board
administrator should be able to change any of the properties of the
@@ -176,17 +175,17 @@
even be part of your package. For simplicity and keeping it all at one
place, we are going to store the policy-specific security configuration in
security.zcml. For our message board package we really only need two roles,
-*User* and *Editor*, which are declared as follows::
+*User* and *Admin*, which are declared as follows::
<role
id="tc.User"
- title="Ticket collector User"
- description="Users that actually use the Message Board."/>
+ title="Ticket collector user"
+ description="Users that actually use the ticket collector."/>
<role
- id="tc.Editor"
- title="Message Board Editor"
- description="The Editor can edit and delete Messages."/>
+ id="tc.Admin"
+ title="Ticket collector administrator"
+ description="The administrator can edit and delete tickets."/>
Equivalently to the zope:permission directive, the zope:role directive
creates and registers a new role with the global role registry. Again, the
@@ -203,19 +202,22 @@
permission="book.messageboard.View"
role="book.messageboard.User"
/>
+
<grant
permission="book.messageboard.Add"
role="book.messageboard.User"
/>
+
<grant
permission="book.messageboard.Edit"
role="book.messageboard.Editor"
/>
- <grant
- permission="book.messageboard.Delete"
- role="book.messageboard.Editor"
- />
+ <grant
+ permission="book.messageboard.Delete"
+ role="book.messageboard.Editor"
+ />
+
The ``zope:grant`` directive is fairly complex, since it permits all three
different types of security mappings. It allows you to assign a permission
to a principal, a role to a principal, and a permission to a role.
@@ -243,30 +245,30 @@
boardeditor. To do that, go to the BlueBream root directory and add the
following lines to principals.zcml:
-
<principal
id="book.messageboard.boarduser"
title="Message Board User"
login="boarduser" password="book"
/>
+
<grant
role="book.messageboard.User"
principal="book.messageboard.boarduser"
/>
- <principal
- id="book.messageboard.boardeditor"
- title="Message Board Editor"
- login="boardeditor" password="book"
- />
- <grant
- role="book.messageboard.User"
- principal="book.messageboard.boardeditor"
- />
- <grant
- role="book.messageboard.Editor"
- principal="book.messageboard.boardeditor"
- />
+ <principal
+ id="book.messageboard.boardeditor"
+ title="Message Board Editor"
+ login="boardeditor" password="book"
+ />
+ <grant
+ role="book.messageboard.User"
+ principal="book.messageboard.boardeditor"
+ />
+ <grant
+ role="book.messageboard.Editor"
+ principal="book.messageboard.boardeditor"
+ />
The zope:principal directive creates and registers a new principal/user in
the system. Like for all security object directives, the id and title
More information about the checkins
mailing list