[Zope3-dev] Initial thoughts on the Zope3 security framework
Ken Manheimer
klm@zope.com
Mon, 10 Dec 2001 12:45:57 -0500 (EST)
On Sun, 9 Dec 2001, Guido van Rossum wrote:
> [me]
> > > OK, that makes sense -- just as there can be user folders sitting
> > > anywhere in a tree, there can be roles defined anywhere in the tree,
> > > and they propagate down in the same way. Right?
>
> [Ken]
> > Close.
>
> This suggests I wasn't quite right (as in "close, but no cigar"), but
> the rest of what you write doesn't explain where I was wrong.
I was trying to clarify "roles defined". I saw at least three
alternatives: declaration of role names, role-to-permission mapping, and
role-to-user mappings. In fact, it's the third - local roles express
role-to-user mappings. (As i went on to say, role-to-permision mappings
are done separately, and i also (patting myself on the back:) gave some
examples using local roles.)
I'm sorry i didn't point more directly at the ambiguity, in the first
place.
> > joe_user account gets reviewer role within the folder. The role mappings
> > obtain for objects contained within the folders, so the local roles apply
> > for objects in the folder and in subfolders.
> Since when can "obtain" be used intransitively? What does "X obtains"
> mean?
"holds true". I didn't quite realize this was an obscure construct (and i
couldn't have told you what "intransitive" means without looking it up).
Anyway, i guess i figured that the meaning of "obtain" in the more common
construct is sufficient cue. I think my mind grasps language according to
such cues (perhaps we have different internal strategies...)
--
Ken
klm@zope.com