[Zope-CMF] A very long permissions list ;-)

Dieter Maurer dieter@handshake.de
Thu, 12 Apr 2001 00:04:04 +0200 (CEST)


Chris Withers writes:
 > Dieter Maurer wrote:
 > > Chris Withers writes:
 > >  > .... That's 250 permissions! Is Zope okay with that?
 > > I do not think so.
 > > 
 > >   The permission page is very unwieldy and need to get a
 > >   better design.
 > 
 > Well, I wouldn't be using the permissions _page_ to modify these. I was asking
 > about the Zope security machinery. How would that hold up?
This is no problem for Zope. It can support arbitrary many permissions
(beside managing the permission page).

  Zope is only interested in a permission for
  an access to an attribute, say *a*.

  Zope will then look at "*a*__roles__". This is a computed
  attribute that will evaluate to the roles that are allowed
  to access the attribute. It traverses up the containment
  chain until it finds either a permission mapping for
  the single permission that protects the attribute,
  or an object that does not inherit the mapping
  or the end of the containment chain.

  This process is independent from the number of permissions.


Dieter