[Zope3-dev] Two-part permissions?

Chris Withers chrisw@nipltd.com
Sat, 15 Dec 2001 01:45:06 +0000


Guido van Rossum wrote:
> 
> - A permission is a token that is used as a requirement for an
>   operation.  There's a mapping from principals to permissions (which
>   is expressed using roles; the mapping is also dependent on the
>   context, i.e. the object on which the operation is requested and its
>   ancestors in the object hierarchy).  A principal is allowed to carry
>   out an operation if the required permission is in that principal's
>   mapping.
> 
>   Example permissions: View ZWiki Page, Create Folder, Delete Image.

Would it be worth breaking this down further?

Using this scheme, as Zope 2 does, you need a 'View X', a 'View Y', a 'View Z'
permission, then a 'Delete X', 'Delete Y', 'Delete Z' permission, and so on,
ending up with a _lot_ of permissions.

Would it be possible or beneficial to break these down into 'View' and 'Delete'
permissions that could be controlled on the basis of the type of object they
applied to?

cheers,

Chris
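
The two schemes discussed in this message, side by side, as an added example that is not part of the original post and is not Zope code. All class, function, role and principal names are hypothetical; the sketch assumes roles granted on an ancestor apply to its descendants, as the quoted description of context suggests.

```python
# Added illustration, not Zope code: every name below is hypothetical.
from itertools import product

ACTIONS = ("View", "Delete")
TYPES = ("ZWiki Page", "Folder", "Image")  # constructed sample types

def flat_permissions(actions, types):
    """One opaque token per (action, type) pair, e.g. 'View Image'."""
    return {f"{a} {t}" for a, t in product(actions, types)}

class Node:
    """Object in the hierarchy; role grants made on ancestors also apply here."""
    def __init__(self, type_name, parent=None):
        self.type_name, self.parent = type_name, parent
        self.local_roles = {}  # principal -> set of role names granted here

    def roles_for(self, principal):
        roles, node = set(), self
        while node is not None:
            roles |= node.local_roles.get(principal, set())
            node = node.parent
        return roles

class TwoPartPolicy:
    """role -> action -> object types the action is allowed on ('*' = any)."""
    def __init__(self):
        self.grants = {}

    def grant(self, role, action, *types):
        self.grants.setdefault(role, {}).setdefault(action, set()).update(types)

    def allowed(self, principal, action, obj):
        for role in obj.roles_for(principal):
            types = self.grants.get(role, {}).get(action, ())
            if "*" in types or obj.type_name in types:
                return True
        return False  # default deny

def demo():
    root = Node("Folder")
    page, image = Node("ZWiki Page", root), Node("Image", root)
    root.local_roles["alice"] = {"Editor"}  # inherited by page and image
    page.local_roles["bob"] = {"Reader"}    # applies to the page only
    policy = TwoPartPolicy()
    policy.grant("Editor", "View", "*")
    policy.grant("Editor", "Delete", "Image")
    policy.grant("Reader", "View", "ZWiki Page")
    return policy, page, image
```

The flat scheme needs len(ACTIONS) * len(TYPES) tokens, while the two-part scheme needs only len(ACTIONS) actions plus a type set per grant. A '*' grant silently covers object types added later, so it deserves the same review as any broad role.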