[Zope-PTK] Roles, Groups, Security and Group Membership

Chris Withers chrisw@nipltd.com
Tue, 04 Jul 2000 12:22:04 +0100

Monty Taylor wrote:
> Am I making any sense at all? Does anyone see either a need for doing
> this or a way to do it? If it requires changes to PTK core, would anyone
> be interested in those, or should I throw them in my pile of dirty little
> secrets that no one should really know exist?

You're making perfect sense and I think it's a Zope problem partly, and
also a PTK problem.

The Zope problem is that Zope security has no idea about Groups.
As in Users/Members exist
There may have roles
They may also be members of Groups.
Groups may also be members of Groups.
Groups may also have roles associated with THEM.

Other major security systems I can think of (LDAP, Unix, NT, Notes) all
have this concept but Zope does not :(

Should this part of the discussion be moved to zope-dev?

Okay, for the PTK bit, it's similar but different. The PTK only has the
concept of Users as members, each of whom have their own user area.

I think this is a bad starting point. I reckon groups should be members,
and groups should have their own areas, perhaps in /Groups/ or some such
in addition to the stuff in /Members. A User would then be able to edit
content in their member folder as well as content in the group folders
of any groups they belong to.