[Zope-PTK] Roles, Groups, Security and Group Membership

[Shane Hathaway]

Chris Withers wrote:
> 
> Monty Taylor wrote:
> > Am I making any sense at all? Does anyone see either a need for doing
> > this or a way to do it? If it requires changes to PTK core, would anyone
> > be interested in those, or should I throw them in my pile of dirty little
> > secrets that no one should really know exist?
> 
> You're making perfect sense and I think it's a Zope problem partly, and
> also a PTK problem.
> 
> The Zope problem is that Zope security has no idea about Groups.
> As in Users/Members exist
> There may have roles
> They may also be members of Groups.
> Groups may also be members of Groups.
> Groups may also have roles associated with THEM.

Although it's not exactly the same, you can set up "group roles".  Just
name your roles "Group x" and assign users to those groups by giving
them those roles.

The one thing missing in this scheme is that role mappings currently
can't be set up to inherit from other role mappings.

On the other hand, if you're referring partially to "local roles" then
that's another matter.  Perhaps you're looking for the ability to
assign local roles based on group memberships.  I have some ideas for
implementing that.  Actually ACLManager, a product I wrote a few months
ago, does that in a round-about way.  I've learned a lot since then and
have come to some conclusions on how I should have implemented it.

Shane