[Zope-dev] Wild and crazzzzy idea: Hierarchial permissions

Oliver Bleutgen myzope@gmx.net
Thu, 22 Nov 2001 13:22:17 +0100


Lennart Regebro wrote:

> The list of permissions is getting quite long. It's the basic permissions of
> Zope, plus the ones for our CM system. And we haven't even integrated CMF
> with it (which we may or may not do in the future).
> 
> To make things easier to find we have names all our permissions "Easy
> <something>". I then got the idea that the permission list could be
> hierarchial or filtered or grouped or something. All permissions would have
> another setting to specify it group. That way the Zope base permissions
> could be grouped together into a "Zope Base" persmission group. We could
> group our in an "Torped Easy Publisher" permission group, and so on.
> 
> Good idea or stupid?

Well, for your use you could just hardcode some permission "groups" and
include them in the dtml-file which resembles zopes security screen.
A little bit javascript and selecting one of your groups would 
automagically be checked when you check one of your groups.

What I'm missig more is flexibility for the "Add object" mechanism.
The possibility to install products not globally, but locally for a 
folder and it's subfolders and some hierachical sorting of "add type" 
selectbox.
Perhaps the tree could be (ab-)used to get a structure like

+ text product
    - DTML Document
    - DTML Method
+ Images, Files
    - Image
    - File
+ SQL Stuff
    - ZSQL Method
    - PoPy Database Connection
    - Search Interface

etc....

To get back to the topic, perhaps your wishes and mine could be 
combined: A permissions group for "edit text products" which would 
automatically select the right permissions.

cheers,
oliver