[Zope-dev] Re: [Geeks] Re: Interface Meta Data proposal

Jim Fulton jim@digicool.com
Thu, 30 Nov 2000 09:15:20 -0500


Guido van Rossum wrote:
> 
> > Is security really a part of an object's interface?  I thought this was more
> > of an implementation thing.
> 
> Good point.  Certainly in Unix I can have two things implementing the
> same interface (e.g. two named pipes) with different security
> settings (i.e. modes).
> 
> However some security stuff can be part of the interface too: e.g. the
> fact that a Foo object has Read, Write and Execute permissions is
> usefully specified as part of its interface.  Whether a particular Foo
> instance has a given permission for a certain user is up to the
> instance.

I think we're talking about a different level of security setting
here.  In Unix, you have certain fixed permissions (e.g. read, write,
execute).  The OS maps these permissions onto certain low-level operations
for the few objects it knows about.  This is about mapping permissions
onto objects, rather than deciding what users or groups have
what permissions on an object.

In Zope, the programmer defines abstract permissions and decides how to map
the abstract permissions to object operations. It is this mapping that
makes sense for interfaces.  

Like Unix, Zope has a separate mechanism for deciding what users/roles
have what permissions on objects. This should not be part of the 
object interface.  These settings are done by users/administrators.

Jim

--
Jim Fulton           mailto:jim@digicool.com   Python Powered!        
Technical Director   (888) 344-4332            http://www.python.org  
Digital Creations    http://www.digicool.com   http://www.zope.org
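
The two layers described in this message, sketched as an added example that is not part of the original e-mail and is not Zope's own code. The `Interface` class, `IDocument`, `Document`, `call`, and the permission and role names are all hypothetical: the operation-to-permission mapping sits on the interface, while role-to-permission grants are per-instance settings.

```python
# Added illustration: all names are hypothetical, not Zope's actual API.

class Interface:
    """Declares operations and the abstract permission guarding each one."""
    def __init__(self, name, permissions):
        self.name = name
        self.permissions = dict(permissions)      # operation -> permission

# Layer 1 (programmer): the mapping is part of the interface.
IDocument = Interface("IDocument", {
    "read": "View",
    "edit": "Change content",
})

class Document:
    """One IDocument implementation; grants are per-instance settings."""
    interface = IDocument

    def __init__(self, body):
        self.body = body
        self.grants = {}                          # role -> set of permissions

    def read(self):
        return self.body

    def edit(self, body):
        self.body = body
        return body

def call(obj, operation, roles, *args):
    """Run operation only if the caller's roles hold the declared permission."""
    required = obj.interface.permissions.get(operation)
    if required is None:                          # undeclared: deny by default
        raise PermissionError(f"{operation}: no permission declared")
    held = set().union(*(obj.grants.get(r, set()) for r in roles))
    if required not in held:
        raise PermissionError(f"{operation}: requires {required!r}")
    return getattr(obj, operation)(*args)

# Layer 2 (administrator): same interface, different settings per instance.
public = Document("press release")
public.grants = {"Anonymous": {"View"}, "Editor": {"View", "Change content"}}
private = Document("draft")
private.grants = {"Editor": {"View", "Change content"}}

if __name__ == "__main__":
    print(call(public, "read", ["Anonymous"]))    # allowed by public's grants
    try:
        call(private, "read", ["Anonymous"])      # same operation, denied here
    except PermissionError as exc:
        print("denied:", exc)
```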