[Zope-CMF] Object ownership

John Morton jwm@plain.co.nz
Tue, 21 May 2002 20:01:30 +1200


On Tuesday 21 May 2002 00:34, Tres Seaver wrote:
> There are two different senses of ownership within Zope:
>
>   - "executable" ownership defines the user whose roles mask those of
>     the invoking user;  this one addresses some server-side trojan
>     issues, and is mostly interesting for "methodish" objects

A method that transfers ownership should probably modify this, but otherwise
I can leave it allow. However, as it's set at object creation, I could use 
this to determine the object's creator, which is what I'm looking for.

>     ("Wesleyans"?)

Nice :-)

>   - the "Owner" local role defines who has the permissions associtated
>     with that role for the object:  e.g., who can edit in in the private
>     state (for the default workflow).  Users can be granted the owner
>     local role via:
>
>     o the ZMI (linked from the "Security" tab)
>
>     o The "Local Roles" action for folders (note that the role is
>       acquired by default)
>
>     o Scripts calling 'manage_{add,set,del}LocalRoles' (defined in
>       'AccessControl/Role.py').

But no methods for answering the question, "Which users have the local role 
'Owner' for this object?".  

I'll have a look around these places and see what I can come up with, though I 
think the kludge of saving the workflow actor name at object creation time 
might do the trick.

Thanks,
John