[Zope3-dev] Initial thoughts on the Zope3 security framework

Lennart Regebro lennart@regebro.nu
Fri, 14 Dec 2001 16:17:18 +0100


From: "Martijn Faassen" <faassen@vet.uu.nl>
> This would be nice, but the problem is then how to remove, say, 'View'
> permissions from a certain folder so that it is closed for, say,
> anonymous viewers.

I was a bit unclear on that. I tend to forget that blocking out local roles is
not an ability of core Zope 2. :-)
It can be done though: http://www.zope.org/Members/regebro/LRBlacklist

Then this case is not a problem. You just remove the "Viewer" role from the
"Not logged In" principal at that document. :-)

> It would be nice if the permission mapping could be set for a role, and
> only have the local roles of users and user group vary. I think that this
> would be powerful enough, if there are ways to take away a local role, and
> reducing the variability in the system while keeping or increasing the
> power would indeed be good.

I like this idea too, and I'm still trying to conjure up some situation
where it's not flexible enough.
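
An added sketch, not part of the original message and not Zope or LRBlacklist code: a toy model of the scheme discussed above, where the role-to-permission mapping is fixed site-wide and only local roles vary per object, including the ability to block an inherited role. The names `Node`, `grant`, `block`, `build_site` and the principal "alice" are hypothetical.

```python
# Toy model (assumption, not Zope's API): permissions attach to roles once,
# objects only add or block local roles, and settings are acquired from parents.
ROLE_PERMISSIONS = {            # fixed, site-wide mapping
    "Viewer": {"View"},
    "Editor": {"View", "Edit"},
}

class Node:
    def __init__(self, name, parent=None):
        self.name, self.parent = name, parent
        self.grants = {}        # principal -> roles added at this object
        self.blocks = {}        # principal -> roles removed at this object

    def grant(self, principal, role):
        self.grants.setdefault(principal, set()).add(role)

    def block(self, principal, role):
        self.blocks.setdefault(principal, set()).add(role)

    def roles_for(self, principal):
        """Effective local roles: walk root -> self so nearer settings win."""
        chain, node = [], self
        while node is not None:
            chain.append(node)
            node = node.parent
        roles = set()
        for node in reversed(chain):
            roles |= node.grants.get(principal, set())
            # Block is applied after grant, so deny wins on the same object.
            roles -= node.blocks.get(principal, set())
        return roles

    def allowed(self, principal, permission):
        return any(permission in ROLE_PERMISSIONS.get(role, ())
                   for role in self.roles_for(principal))

def build_site():
    """Constructed sample hierarchy: root/public and root/private/doc."""
    root = Node("root")
    root.grant("Not logged In", "Viewer")       # anonymous can view by default
    public = Node("public", root)
    private = Node("private", root)
    private.block("Not logged In", "Viewer")    # close this folder to anonymous
    private.grant("alice", "Editor")
    doc = Node("doc", private)                  # inherits the block from 'private'
    return root, public, private, doc
```

Closing the folder touches only the local-role assignment on `private`; `ROLE_PERMISSIONS` is never edited per object, which is the reduction in variability the thread is after.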