[Zope-PTK] Roles, Groups, Security and Group Membership
Wed, 05 Jul 2000 16:04:47 GMT
> Well, my previous comment maybe, but some of this is PTK specific.
> > Okay, for the PTK bit, it's similar but different. The PTK only has the
> > concept of Users as members, each of whom have their own user area.
> > I think this is a bad starting point. I reckon groups should be members,
> > and groups should have their own areas, perhaps in /Groups/ or some such
> > in addition to the stuff in /Members. A User would then be able to edit
> > content in their member folder as well as content in the group folders
> > of any groups they belong to.
> I'm not sure that this is either necessary or desireable. I'd hate
> for simple PTK users to have to set up a group hierarchy to get
Agreed. Definitely not desirable to require that. Yuck!
> It seems to me that group membership is an attribute of a
> Member, like home folder. The publishing logic could then look at
> this attribute (these attributes? It may not be that simple.) to
> determine whether to automatically publish something or hold for
> review. I.E. the problem may not be the Zope security system, it may
> be the PTK using Zope security instead of a private mechanism.
I get what you're saying... but here's the thing I can't figure out. Say
either a role "Marketing" or assign a user to a local role of "Manager"
Marketing folder. Now granted, I'm probably abusing the DemoPortal for
I should, but how could I give the user access to a 'Set Status' like
is called in the context of that folder? Maybe I'm just streching for too
too little effort.
No, I guess what I'm asking about is streching the design too much. I
think what I
really want is for the status of a Portal Object ('Private', 'Pending',
to actually be affected by context. So that any given Object could be
"Marketing" but "Private" in the root folder. I don't think Zcatalog is
to like that.
Someone please tell me I'm wrong... but I think I'm going back to the
for this one.
I still think Zope could do with expanded Group ability... but NOT