[Zope] owner security assertions

Florent Guillaume fg@nuxeo.com
Fri, 17 May 2002 12:47:24 +0000 (UTC)


 <kosh@aesaeion.com> wrote:
> Their username is listed as the owner of the object however it seems they
> can't do what an owner should be able to do when they login. If I give
> them the global role of owner then they should. So for some reason they
> are not getting assigned the local role of owner.

As the owner in the Ownership tab or as a local role Owner in the local
roles tab? Please be precise, as these two "owner" notions are quite
different.

> 
> > How do you create your objects?
> 
> With a python script. I have it create one of the object with a default
> profile as a manager and then change the objects ownership which all seems
> to work just fine.

What do you mean by "change the object's ownership"? Do you do that
with local roles or do you ob.changeOwnership() ? changeOwnership won't
change the local roles so won't do what you want.

> > You get it when you create the object, so in effect what you say is true
> > even if the mechanism is different. For instance if someone "takes
> > ownership" of an object it doesn't change the Owner local role.
> >
> 
> However shouldn't you have the owner role every time you access the object
> also if you are authenticated?

Yes, if the object has an Owner local role you should.


Florent

-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 87  http://nuxeo.com  mailto:fg@nuxeo.com
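
An added example, not part of the original message or of Zope's code: a check for the mismatch discussed in this thread (the Ownership-tab owner holding no Owner local role) and a hand-over helper that changes both. The User and Item classes are stand-ins constructed so the code runs offline; they borrow the Zope 2 method names getOwner, changeOwnership, get_local_roles_for_userid, manage_setLocalRoles and manage_delLocalRoles, and the helper names and user ids are assumptions.

```python
# Stand-ins constructed for this example. They model only the two separate
# stores and reuse Zope 2 method names so the helpers read like real calls.
class User:
    def __init__(self, userid):
        self._id = userid
    def getId(self):
        return self._id

class Item:
    def __init__(self, creator):
        self._owner = creator                             # Ownership tab
        self._local_roles = {creator.getId(): ['Owner']}  # local roles tab
    def getOwner(self):
        return self._owner
    def changeOwnership(self, user):
        self._owner = user                   # local roles stay untouched
    def get_local_roles_for_userid(self, userid):
        return tuple(self._local_roles.get(userid, ()))
    def manage_setLocalRoles(self, userid, roles):
        self._local_roles[userid] = list(roles)
    def manage_delLocalRoles(self, userids):
        for uid in userids:
            self._local_roles.pop(uid, None)

def owner_lacks_local_role(ob):
    """True when the Ownership-tab owner has no Owner local role on ob."""
    owner = ob.getOwner()
    if owner is None:                        # unowned: nothing to compare
        return False
    return 'Owner' not in ob.get_local_roles_for_userid(owner.getId())

def hand_over(ob, new_owner):
    """Change ownership and move the Owner local role along with it."""
    old = ob.getOwner()
    ob.changeOwnership(new_owner)
    uid = new_owner.getId()
    kept = set(ob.get_local_roles_for_userid(uid)) | {'Owner'}
    ob.manage_setLocalRoles(uid, sorted(kept))
    if old is not None and old.getId() != uid:
        rest = [r for r in ob.get_local_roles_for_userid(old.getId())
                if r != 'Owner']
        if rest:
            ob.manage_setLocalRoles(old.getId(), rest)
        else:                                # no roles left: delete the entry
            ob.manage_delLocalRoles([old.getId()])
```

Removing Owner from the previous holder keeps the creating manager account from retaining owner rights on every object the script hands out.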