[Grok-dev] Re: 0.14 todo list
faassen at startifact.com
Wed Jul 30 06:36:56 EDT 2008
Philipp von Weitershausen wrote:
> Martijn Faassen wrote:
>> Hi there,
>> Philipp von Weitershausen wrote:
>>>> Anything else to put on the list?
>>> Model-based security.
>> I deliberately didn't put it on the list, as 0.14 will be challenging
>> enough without it. I'd like to get the WSGI stuff in there finally,
>> and that's a huge enough new feature without piling on this.
>> Anyway, just a meme correction: Grok *does* have model-based security
>> and always has. We shouldn't go around saying Grok doesn't have it. It
>> doesn't have model-based security *checks*, but it's perfectly
>> possible to assign someone or a group a permission or role on a model.
> Not wanting to get into a terminology discussion, but I'd call these
> "model-based grants". This is a feature of Grok's default security
> policy, zope.securitypolicy. By model-based security I meant
> attribute-level protections on models.
I'm talking about marketing here. I'd prefer to call the model-based
grants "model-based security", or "model-level permissions". This is
for the reason that if you talk to someone who has no idea that security
proxies even exist (most Python programmers out there), "Grok needs
model-based security" means to him that Grok has no model-based grants
yet. But Grok/Zope 3 actually has a very powerful system for this,
probably more powerful than all competing web frameworks. We should be
careful to emphasize Grok's powerful security model and not accidentally
give people the impression that it doesn't.